OpenBSD Journal

Tedu Kerberos from LibreSSL?

Contributed by tbert on from the alas-poor-srp-we-hardly-knew-ye dept.

Ted Unangst (tedu@) of tedu fame writes in to tech@ asking whether or not there are users of Kerberos or SRP (Secure Remote Password) who need the functionality:

Hi there. I'm trying to find somebody who is actually using either Kerberos or SRP support in libssl. I'm inclined to remove support for them. While the bulk of the code sits off to the side, the integration requires adding several additional cases to some of the most critical paths.

For reference, OpenBSD hasn't ever compiled support for either of these features and I haven't seen many complaints. The code has all the hallmarks of something that somebody needed once, threw over the fence, and has been barely maintained on life support ever since. That said, we'd rather not be too hasty in deleting it because unbeknownst to us, it could be useful.

We're looking for somebody to stand up and say "Not only do I need SRP support, but I'm sufficiently invested that I'd like to help maintain it."

Note that I'm not looking for negative responses. You don't need to tell me you think it's ok to delete these features. I already think that.

Also note that I'm not really interested in rumors or whispers. You don't need to tell me that it's possible somebody else uses Kerberos. I know it's possible, that's why I'm asking. I'd like to know who.

Thanks.

If you or one of your loved ones has a need for this, speak now or resurrect the code from the attic.

(Comments are closed)


Comments
  1. By Anonymous Coward (156.35.221.167) on

    Kerberos was useful to me in the past but I can live without it. Never used it in libssl, though. So, I would say it can go to the Attic.

    Minimalism can be considered another security paradigm.

    Comments
    1. By Anonymous Coward (24.207.52.240) on

      > Kerberos was useful to me in the past but I can live without it. Never used it in libssl, though. So, I would say it can go to the Attic.
      >
      > Minimalism can be considered another security paradigm.

      You just did exactly what he had asked people not to do. Please read and attempt to comprehend the initial post completely before replying.

      Comments
      1. By Anonymous Coward (216.16.224.222) on

        > > Kerberos was useful to me in the past but I can live without it. Never used it in libssl, though. So, I would say it can go to the Attic.
        > >
        > > Minimalism can be considered another security paradigm.
        >
        > You just did exactly what he had asked people not to do. Please read and attempt to comprehend the initial post completely before replying.

        Then again, so did at least one OBSD developer on tech@

      2. By Anonymous Coward (2.242.102.17) on

        > You just did exactly what he had asked people not to do. Please read and attempt to comprehend the initial post completely before replying.

        And if he had written in to tech@ with such a message, it might have been bad form, but he did no such thing.

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]