Sam Hartman <hartm...@debian.org> writes: > Here are my thoughts.
> 1) There are things we could choose to do in krb5-config to make things > better for Debian. I made one proposal. It's not clear that's > necessary though. The concern I have with a fix in krb5-config is that it's not entirely clear both what to trigger off of and when to do the modification. If the user upgrades the libraries without krb5-config, things break. When upgrading everything, triggering off the presence of aklog makes some sense, but when doing initial installation, krb5-config will normally be installed before openafs-krb5. I also think we can't really do much if the user didn't let us manage their krb5.conf file, but they'll still have problems on upgrade. > 2) Either upstream or in a Debian-specific API to be removed in the > future--I.E. something not in a public header--we could provide some > exception path for AFS. I talked to Tom on the phone about this today and proposed an additional API that would let an application re-enable weak enctypes and rebuild the enctypes list. This is roughly equivalent to the Heimdal API. I think this is the best solution. > 3) Complaining about the KDC log error upstream definitely seems > reasonable. > I'm about to head out for the weekend. There's no reason that I need to > be the one discussing these issues, but I'm happy to take responsibility > for #3 above. I'll follow up on #2. Enjoy your weekend! -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
