Should we continue with Heimdal (was: Re: [PATCH] Some coverity fixes)
Andrew Bartlett
abartlet at samba.org
Wed May 13 00:23:04 MDT 2015
On Tue, 2015-05-12 at 09:41 +0200, Andreas Schneider wrote:
> The last time I asked for help for development they completely ignored me. So
> I consider this project dead and will not invest any time in Heimdal. If you
> still like riding a dead horse instead of going with MIT KRB5 ...
Andreas,
I really don't think that one single mail to heimdal-discuss (as far as
my archives show) is really the best measure to write off an open source
community, but I would agree that Heimdal isn't in the best of states,
much like MIT was in a very poor state when we started this effort, so
many long years ago.
I know this must sound strange, but I really look forward to the day
that you get the MIT Krb5 port finished, and we can just use a solid,
widely distributed system library. I admire the work done so far, but I
also fear we are still a very long way off, based on the work that was
required for Heimdal. That is, there were just so many small but
critical details.
The tests I wrote recently should help a lot however, in ensuring
correctness at least with the KDC protocols. We need some similar tests
around the GSSAPI layer, for features like DCE_STYLE authentication and
some of the auto-skew handling.
I think we will continue to have similar challenges when we need small
but critical changes to the library sooner than a RHEL package might
allow, but we can both agree that this isn't a new problem in Free Software.
However, when we get there, when all the internal and windows-integration
tests pass (and I am confident in your team's abilities that
we will succeed in this eventually), then I would like to seriously discuss if
maintaining two alternate solutions here is really worth the costs
involved, and the risks/benefits of supporting just one, system Kerberos
library.
While it saddens me that we have to go to so much effort to change horses,
dead or otherwise, I don't fancy riding two of them at the same time in the
long term.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list