Re: kpasswd

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 08:32 AM 10/15/2003, Allan E Johannesen wrote:
>It appears that the --enable-kpasswd option is gone from openldap 2.1.23

Use
        env ol_enable_kpasswd=yes ./configure 
instead.

That is, the feature (as broken as it is) still remains.

>I recall some discussion about the {kerberos} option in the user password, but
>I thought that the concensus was that people were using this didn't want it to
>be discontinued.

The code was disabled not because too feature wanted support for it
to be continued, but because too few people stood up and supported
the code.  That is, the code is broken and nobody seems willing to
fix it.

The project long standing approach to broken code is to phase it
out.  Disabling configure options is one of the first phases in
this process.  It's generally followed by moving the broken code
to the Attic.

If just one person using this code were to start to maintaining it,
the process would likely be halted and maybe even reversed.

>I guess I was wrong and the decision was made to remove it.

A policy was established long ago that broken code is to be
phased out.  This code has been considered broken for quite
some time (as evident by the many ITSs).  The lack of action
by those wanting this feature to be supported to resolve
outstanding issues lead to my recent action to start the
phasing out the code.

>It didn't seem to warrant a line in the release notes.

Yes.

>Is that gone for good?  Is it a mistake in the release?

See above.  No.

>What should people do for id/password authentication from now on?

I wouldn't suggest you use Kerberos for username/password
authentication.