Kickin’ it to the Kerb

So let’s talk kerberos for a second. We all know about heimdal and MIT’s reference implementation (whatever that means) and so on. In Gentoo, at the moment, the two block each other, meaning you cannot have both installed at once. This causes some problems because if you have a predilection for, say, heimdal, portage will often ask you to unmerge it so that it can merge mit-krb5 as a dependency for something else. The latest example is the newest nfs-utils release. Which brings me back around to trying to solve the problem of having cohabitating kerberi on your Gentoo system.

The current proposal that I’ve discussed with Ryan a few weeks ago involves:

1. Since both kerberi (and probably shishi, which is not in portage yet, but I’m looking into it) install a few common files, we’d move those into a kerberos-common package which would be a runtime dependency for all the kerberi. This package would also contain a script to switch the system’s kerberos, similar to gcc-config and the like (and at this point, it’s probably better to just write up an eclectic plugin). This would solve the blocking implementations problem.

Oh listen, while we’re on the subject of heimdal, I’d really like to have /var/heimdal moved to /var/lib/heimdal, but I don’t want to break people’s setups. I believe the latter to be more FHS-correct.

2. The other problem is more of an issue related to my neuroses than anything else. To take the latest example (see nfs-utils above): it fails to compile with heimdal. And someone else had issues compiling something against heimdal, to whom I gave a hacky fix (basically renaming the files being #included). So I’m thinking maybe some compatibility symlinks for both mit- and heimdal, and some other work to make packages which need kerberos actually implementation-agnostic.
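One way the switch script from item 1 could work, as an added sketch that is not the author's or Gentoo's code: each implementation is assumed to install into its own prefix, and the shared names in /usr/bin are symlinks that get repointed atomically. The function names, the /usr/lib/kerberos/<impl>/ layout and the tool list are all assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch. Hypothetical layout: every implementation installs under
#   $ROOT/usr/lib/kerberos/<impl>/bin/
# and the shared names in $ROOT/usr/bin are symlinks owned by the switcher.
KRB_TOOLS="krb5-config kinit klist kdestroy"

# krb_select ROOT IMPL: point the shared tool names at IMPL.
# Returns 1 on a bad name, 2 if IMPL is not installed, 3 if a shared name
# is a real file (never clobber another package), 4 on a failed link.
krb_select() {
    root=$1
    impl=$2
    case $impl in
        ''|*[!a-z0-9-]*) return 1 ;;   # no '/' or '.': cannot leave the tree
    esac
    src=$root/usr/lib/kerberos/$impl/bin
    [ -d "$src" ] || return 2
    # Validate every destination first so a refusal changes nothing.
    for t in $KRB_TOOLS; do
        dst=$root/usr/bin/$t
        if [ -e "$dst" ] && [ ! -L "$dst" ]; then return 3; fi
    done
    for t in $KRB_TOOLS; do
        dst=$root/usr/bin/$t
        if [ -e "$src/$t" ]; then
            tmp=$root/usr/bin/.$t.krb-select.$$
            ln -s "../lib/kerberos/$impl/bin/$t" "$tmp" || return 4
            # rename(2) swaps the link in one step, so the name never
            # disappears mid-switch (mv -T is GNU coreutils).
            mv -Tf "$tmp" "$dst" || return 4
        else
            rm -f "$dst"   # drop a link left behind by the previous choice
        fi
    done
    return 0
}

# krb_current ROOT: print the implementation krb5-config points at.
krb_current() {
    link=$(readlink "$1/usr/bin/krb5-config") || return 1
    impl=${link#../lib/kerberos/}
    printf '%s\n' "${impl%%/*}"
}
```

The same repointing would apply to the header compatibility symlinks from item 2, with an include directory in place of the tool list.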

Having said all this, I’m not in any way, shape or form, kerberos proficient, so I’m definitely open to input and opinions and comments and criticisms (though I’d prefer critiques which tend to be more productive).

But wait, there’s more: at the moment, there are collisions in the installed files between heimdal and e2fsprogs. So we’re trying to break comerr and et out of e2fsprogs and make that a dependency of both anyway (if I remember correctly, both kerberi need et at least).

One thought on “Kickin’ it to the Kerb”

  1. At least in Debian, heimdal is using comerr and et from e2fsprogs.

    Both heimdal and MIT kerberos provide a krb5-config (once again, at least in Debian).
