[MIR] heimdal

- Availability

Currently available in Universe, building on all currently supported architectures
https://launchpad.net/ubuntu/+source/heimdal

- Rationale

This MIR is about the availability of libpam-heimdal. Post Lucid, libpam-heimdal and libpam-krb5 source packages were merged into a single libpam-krb5 source package which builds against both Kerberos implementations, MIT and Heimdal. Since heimdal is not in main it has not been possible to pull that version of the package in from Debian. The PAM library did not exist beyond Lucid until just recently where the Lucid version was copied to maverick-updates and natty-updates but, as of June 21, these packages failed to install due to dependency issues [1]. An SRU will be needed for 10.10 and 11.04 but an MIR is needed for 11.10. This was discussed at UDS Oneiric [2] even though this item only resides on the etherpad notes [3].

[1]: https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/663319
[2]: https://blueprints.launchpad.net/ubuntu/+spec/foundations-o-corporate-mirs
[3]: http://summit.ubuntu.com/uds-o/meeting/foundations-o-corporate-mirs

- Security

  Vulnerabilities and advisories:

 http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=heimdal: OK, but I could not confirm CVE-2007-5939 - affects old heimdal version (0.72)
 http://secunia.com/advisories/search/?search=heimdal: OK
 http://www.h5l.org/advisories.html: OK
 http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-0361.html: CVE-2009-0361 - needs triage for Ubuntu 8.04

  Executables (suid or sgid): NO

  Executables (/sbin, /usr/sbin):

 heimdal-clients: usr/sbin/kimpersonate
 heimdal-clients: usr/sbin/kadmin
 heimdal-clients: usr/sbin/ktutil
 heimdal-clients: usr/sbin/push
 heimdal-kcm: usr/sbin/kcm
 heimdal-kdc: usr/sbin/kstash
 heimdal-kdc: usr/sbin/hprop
 heimdal-kdc: usr/sbin/hpropd
 heimdal-kdc: usr/sbin/iprop-log
 heimdal-kdc: usr/sbin/ipropd-master
 heimdal-kdc: usr/sbin/ipropd-slave
 heimdal-servers: usr/sbin/kfd
 heimdal-servers: usr/sbin/ftpd
 heimdal-servers: usr/sbin/rshd
 heimdal-servers: usr/sbin/telnetd
 heimdal-servers: usr/sbin/popper
 heimdal-servers-x: usr/sbin/kxd

  Packages which install daemons:

  heimdal-kdc: usr/lib/heimdal-servers/kdc

  Packages which open privileged ports:

 heimdal-kdc: 88/tcp
 heimdal-kdc: 88/udp
 heimdal-kdc: 749/tcp
 heimdal-kdc: 749/udp
 heimdal-kdc: 754/tcp

  Add-ons and plugins to security-sensitive software: NO

- Quality assurance

  Major long-term outstanding usability bugs:

        https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/663319 (as discussed above)

  Important bugs:

 Debian:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430888 (old)
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457877 (old)
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485962

 Ubuntu:
 https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/663319 (as discussed above)

 Upstream:
 http://is.gd/k5hF6K (tracker is overrun by spam)

  Debconf: 2 medium priority (heimdal-kdc)

- UI standards
N/A

- Dependencies
OK

- Standards compliance
OK

- Maintenance
Package is maintained in Debian (Brian May). Recent uploads:

10 Apr 2011
21 Feb 2011
20 Feb 2011
25 Jan 2011

- Background information
Canonical Support has a private bug/escalation open that corresponds to public bug #663319 (#784039). I am the contact person for this as well.