logo_kerberos.gif

Difference between revisions of "Projects/Remove krb4"

From K5Wiki
Jump to: navigation, search
(Pending Discussion)
(What will be removed)
Line 8: Line 8:
   
 
* The libkrb4 and libdes425 libraries
 
* The libkrb4 and libdes425 libraries
* The krb524 daemon and client code
+
* The krb524 daemon and client code (krb5_524_convert_creds will remain as a stub for ABI stability)
 
* Client program code to retrieve and manipulate krb4 tickets
 
* Client program code to retrieve and manipulate krb4 tickets
 
* Application (rlogin, telnet, etc.) code to perform krb4 authentication
 
* Application (rlogin, telnet, etc.) code to perform krb4 authentication

Revision as of 17:45, 9 December 2008

This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.


The goal of this project is to remove most of the krb4 code from the Kerberos source code base.

What will be removed

For the most part, code will be removed if it is not compiled in without the --with-krb4 flag. Specific code to be removed includes:

  • The libkrb4 and libdes425 libraries
  • The krb524 daemon and client code (krb5_524_convert_creds will remain as a stub for ABI stability)
  • Client program code to retrieve and manipulate krb4 tickets
  • Application (rlogin, telnet, etc.) code to perform krb4 authentication
  • The kerberosIV headers
  • Test cases for krb4 functionality
  • Build system conditionalization for compiling krb4 code
  • krb4 request handling in the KDC
  • fakeka support in the KDC
  • loadv4/dumpv4 support in kdb5_util

What will be kept

Some krb4-related code should be kept because it is important in post-krb4 environments or would be disruptive to remove. These pieces of code include:

  • Code to support KRB5_KDB_SALTTYPE_V4
  • krb5_524_conv_principal and krb5_425_conv_principal
  • The SRVTAB keytab type
  • The setv4key RPC handler in kadmind
  • The rst/wst (read srvtab/write srvtab) functions in ktutil

Except for rst/wst, all of these pieces are currently compiled in even without --with-krb4, and are implemented without referencing libkrb4 or the kerberosIV headers.

The rst/wst code in ktutil is currently implemented separately from the SRVTAB keytab code, and is not compiled in without --with-krb4. These functions will be reimplemented to be aliases for "rkt/wkt SRVTAB:pathname".

Timeline

Code removal is expected to take about two weeks and should be completed by December 19. This project is a deliverable for the krb5 1.7 release.

Pending Discussion

The CCache, KIM, and Windows code contain krb4-related code. This code is not compiled as part of the Unix release or covered by the Unix test suite. We will need to discuss resource allocation for removing krb4 code from these areas.