[openssl-dev] Kerberos

John Denker ssx at av8n.com
Sat May 9 05:57:10 UTC 2015


On 05/05/2015 01:21 AM, Matt Caswell wrote:

> I am considering removing Kerberos support from OpenSSL 1.1.0. There are
> a number of problems with the functionality as it stands, and it seems
> to me to be a very rarely used feature.

I don't understand what it means to say the
feature "seems" rarely used.  Is there any 
actual evidence about the number and/or
importance of uses?

> I'm interested in hearing any
> opinions on this (either for or against).

Opinions are not a good substitute for actual
evidence.

This thread has revealed that some people on
this list would prefer something else, but
that leaves unanswered (and almost unasked)
the question of whether Kerberos is actually 
being used.

Personally I don't use it, but that does not
come close to answering the question.  A few
moments of googling suggest that some people
are using Kerberos in conjunction with openssl.
For example:
  http://linuxsoft.cern.ch/cern/slc61/i386/yum/updates/repoview/krb5-pkinit-openssl.html

> I plan to start preparing the patches to remove it next week.

Why do we think that's worth the trouble?

What evidence is there that removal won't 
cause problems?  It's hard to prove a negative,
and the recent discussions on this list don't
even come close.

I don't care about Kerberos directly, but it
seems like a poor use of resources to worry
about Kerberos while more pressing issues are
left unaddressed.


