Request for main: lib{nss,pam}-{ldap,krb5}

Diego González dggonz at
Sat Nov 20 17:07:02 CST 2004

<quote who="Jerry Haltom">

> I would like to request support for these 3 packages in Ubuntu main.
> libnss-ldap
> libpam-ldap
> libpam-krb5
> These packages are extremely important in an office environment with a
> shared user base and Kerberos network. Proper integration and support of
> these modules would be a major plus.

>Totally agree, these are major oversights - should have been in warty.
>Thanks for pointing this out, despite the embarrassment. :-)

Before including this packages maybe some kind of discussion would be
needed about whether to standarize Ubuntu on MIT krb5 or Heimdal.

I have been setting up heimdal about a month ago or so, and the
community around Heimdal seemed a lot more active than the one around
MIT krb5. Heimdal poeple have integration with LDAP (on the server)
and the next stable version going out early next year will have
support for PKINIT, which i think is interesting.

The LDAP integration in the server will be required to make samba4
work as a domain controller for Windows XP/2000 computers, the people
working on samba4 are collaborating with the heimdal developers to
make this happend.

Maybe all this things should be further investigated before
standaricing on one implementation or the other.

> libpam-krb5 has a few problems with it: it won't always create a ticket
> cache. This is a major hurdle for adoption. I hacked around in the code a
> bit about a half year ago on Debian, but was unable to devote the time
> necessary to fix it.
> libpam-krb5 is an interesting beast. There are a number of forks floating
> around. Debian uses one, RedHat uses another that is almost totally
> different (it works).

>Perhaps we should investigate their version - feel like doing a summary of
>the differences (origin, features, etc)? :-)

More information about the ubuntu-devel mailing list