On Wed, May 04, 2016 at 11:44:35AM +0200, u-myfx_at_aetey.se wrote:
> version differing from upstream, with locally maintained patches. The
> main reason is that we depend on transparent support for Kerberos
> authentication. The upstream version contains Kerberos-related hooks
> but they are unfortunately insufficient for actual deployment.

The upstream version was used as far as I know to integrate with the
kerberos realms of ANDREW.CMU.EDU and CS.CMU.EDU. But I have never seen
them in use that way, so I can't even tell you if it was using
kerberos4, kerberos5 or a mix of the two.

Either way if the upstream hooks are insufficient for actual deployment,
I guess they should be removed so that nobody has to bother trying to set
up something that won't work anyway. Or is your code dependent on these
insufficient hooks?

Jan