Comment 10 for bug 2044535

Yes, I understand, with MIT Kerberos V in main there is some overlap with libgssglue, and the reasons for including libgssglue seems to be: 1) allow other libraries/applications to avoid the direct libkrb5 dependency, 2) allow admins to chose between Heimdal and MIT Kerberos V as the kerberos implementation for libraries/applications that link to libgssglue, and 3) minimize packaging differences of the 'gsasl' package which is in main. Hopefully the costs of maintaining 'ligbssglue' in 'main' are not huge, and I'm committed to help as libgssglue upstream maintainer and Debian package maintainer.

I had another look at packages in main that links to libkrb5, and 'fetchmail' may be one project to work on: it already links to libgssglue-dev for all GSS-API related stuff (IMAP/SMTP/etc) and the only use of the direct libkrb5 dependency is for KPOP which I wonder if it is worth keeping around.

However I think the nicest project to modify would be OpenSSH, it doesn't seem hard to avoid the libkrb5 dependency: OpenSSH uses GSS-API for almost everything except for Kerberos 5 userok and store_cred, which were lacking in GSS-API at the time OpenSSH added GSS-API support, but APIs for that was added to the GSS-API framework 10+ years ago. I'll put working on a proof-of-concept for this on my todo list.