> > That seems like a sufficiently long deprecation window, but is gssapi > > a full substitute for krb5? I don't really have a strong opinion on > > this, not being a user myself. > > I'm pretty sure that it is. > > Stephen, you usually have comments about the Kerberos stuff - want to > comment on this one? :)
The biggest risk that I can think of regarding deprecating krb5 would be platforms (if any still exist...) which don't have GSSAPI. Is it
I have no idea what platform that would be. Both the standard implementations of krb5 have supported gssapi since forever. The only nonstandard environment we support there is Windows, and that one *only* has support for GSSAPI/SSPI.
possible to see that from the buildfarm information or from the configure results that people have for any strange/different platforms out there? The other question would be if we think anyone's actually
Well, we can remove it and see if it breaks :)
using krb5 on those platforms and/or would people in those situations be willing/able to move to a different library which supports GSSAPI.
I'm all for deprecating krb5 myself, but I wouldn't want to break things for people without good cause.
It's been deprecated for *years*. This is about removing it.
The cause would be to keep the code clean and less maintenance of security code in general, is a good thing.