From Fedora Project Wiki

Revision as of 19:22, 14 November 2017 by Rharwood (talk | contribs)


Kerberos in Python modernization

Summary

Replace usage of python-krbV and pykerberos with python-gssapi in all Fedora packages to enable their removal from Fedora.

Owner

Current status

  • Targeted release: Fedora 28
  • Last updated: 2017-11-14
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Replace older, clunkier, less user-friendly python interfaces to Kerberos with python-gssapi. python-gssapi uses the GSSAPI interface, which is widely standardized, implemented by both MIT and Heimdal Kerberos, and much more user-friendly.

TODO: requests

Benefit to Fedora

python-krbV has no python3 support, so its replacement helps projects move to python3.

pykerberos is a very minimal implementation intended for use in calendar server and not intended for consumption by other applications. It has almost no documentation.

python-gssapi is substantially more maintainable than python-krbV and pykerberos, and uses the preferred interface to Kerberos (GSSAPI). Its upstream is active (i.e., not dead) and it is hosted in a reasonable way (its own repository on github) that is friendly to new contributors. The project runs PR CI on Fedora explicitly already.


Scope

  • Proposal owners: rharwood (responsible for providing patches)
  • Other developers: maintainers of affected packages are expected to perform code review
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

All dependency changes should be handled seamlessly by dnf without additional input from the user.

How To Test

The following should all produce no results:

dnf repoquery --whatrequires python-krbV

dnf repoquery --whatrequires python-kerberos

dnf repoquery --whatrequires python3-kerberos

TODO: requests?

User Experience

Change should not be noticeable, except to any users of the deprecated packages directly.

TODO: requests

Dependencies

python-krbV:

  • beaker-client
  • koji-web
  • python2-koji

python2-kerberos:

  • did
  • offlineimap
  • python2-nitrate
  • python2-urllib2_kerberos
  • waiverdb

TODO requests

python3-kerberos:

  • (none)

TODO requests

Contingency Plan

  • Contingency mechanism: Ship them. python-krbV removal is highest priority since no python3 support.
  • Contingency deadline: Beta
  • Blocks release? No
  • Blocks product? No

Documentation

python-gssapi docs can be found here: https://pythonhosted.org/gssapi/

Release Notes