Matthew Andrews writes:

> has anyone attempted to use the patch included in this with newer MIT
> kerberos releases? I'm particularly interested in 1.6.1 with RHEL5
> patches, but if someone has tried this with a similar vintage krb5 I'd
> expect it to be helpful.

I personally haven't looked at it at all. I'm not sure when I'll get a
chance to do so; we're fairly happy with 1.4, and haven't yet seen a lot
of reason to upgrade to 1.6 (and have seen some issues with 1.6 around
changes related to referrals that make us want to carefully plan
upgrades). I expect we'll upgrade to 1.6 as part of upgrading our KDCs
from etch to lenny, sometime after the Debian lenny release.

The long-term goal is to add a plugin system to MIT kadmind using the new
plugin support code in 1.6 and later, allowing krb5-sync to just provide a
plugin and not provide a patch. I put together a proposal for this, but
it has a bunch of unanswered questions and I haven't had time to work on
it further.

Russ Allbery (