Hi,

On Mon, Jun 20, 2022 at 5:19 PM Andreas Hasenack andreas@canonical.com wrote:

Hi,

I was reviewing an Ubuntu merge of sssd 2.7.1

As a side note: it's better to skip 2.7.1 altogether as it has a serious regression and to use sssd-2.7.2

and saw that the new sssd-idp package links with MIT kerberos libkrad0. libkrad-dev in Debian has this notice in its description[1]:

 This package includes development headers for libkrad0, the MIT
 Kerberos RADIUS library.  You should not use this RADIUS library in
 packages unrelated to MIT Kerberos.

JFTR, 'sssd-idp' ships a new Kerberos plugin ('sssd_krb5_idp_plugin.so') so in this sense "related" to MIT Kerberos.

It looks like that was added as a result of dealing with Debian bug #735323[1], which is what introduced the libkrad-dev package in Debian.

Currently in Ubuntu (and likely Debian, I haven't checked) libkrad0 has only krb5 itself has a reverse dependency[3], and this change will make sssd a new rdep.

Is that notice in libkrad-dev's package description still current, and external projects shouldn't link with libkrad0? What's the reasoning? Or is that no longer relevant?

I'm CCing package maintainers who might not be subscribed to sssd-devel, please include them in any replies if you can.

1. https://salsa.debian.org/debian/krb5/-/blob/master/debian/control#L471
2. https://www.debian.org/Bugs/#735323
3. https://people.canonical.com/~ubuntu-archive/germinate-output/ubuntu.jammy/r...