> > I don't remember any agreement to remove krb4 in 7.5. Am I wrong? > > My recollection is we had at least one person still using it, who > was apparently unworried by the security issues.
Peter Eisentraut <[EMAIL PROTECTED]>: As long as people are still using it, I see no reason. Just the other day someone reported that he was trying to get it to work in his environment. Tom Lane <[EMAIL PROTECTED]>: I wouldn't mind pulling it from 7.5, if the 7.4 docs say we are going to and no one complains. > While I think deprecating krb4 is a good idea, I don't see any need > to remove it. It's not costing us any maintenance effort to leave > it there, is it? Bruce Momjian <[EMAIL PROTECTED]>: Did we decide we _didn't_ want to remove krb4? Removal seems like a good idea to me, but I am just checking if the consensus was to keep it. I think someone said it was OK in a closed environment or something. Maybe we need to document that it is not recommended. Bruce Momjian <[EMAIL PROTECTED]>: True, but it does bloat our distribution. I had to work around its need for gethostname() while I was coding the Win32 port, so it doesn't stay around with zero maintance. *shrug* It's not possible to upgrade from krb4 to krb5 by running a simple conversion program, but there is a krb425d daemon that exchanges krb4 tickets for krb5 tickets which makes upgrading more less painful. It's not like users of krb4 are left without any recourse or documentation for getting krb4 to work with PgSQL. MIT has documented how to do this quite well and has been pushing for this to happen for at least 3-4 years now. http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3/doc/krb425.html#Introduction When the BSDs dumped support for krb4 from the base, I don't recall a single email from someone complaining as almost everyone who uses krb uses hiemdal or MIT krb5. -sc -- Sean Chittenden ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])
