>Number:         14988
>Category:       bin
>Synopsis:       kerberos support in src/usr.bin/passwd useless
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Dec 18 01:53:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Thomas Klausner
>Release:        1.5Z/2001.12.18
>Organization:
>Environment:
	
System: NetBSD hiro 1.5Y NetBSD 1.5Y (HIRO) #0: Fri Sep 21 22:58:00 CEST 2001 wiz@hiro:/archive/cvs/src/sys/arch/i386/compile/HIRO i386
Architecture: i386
Machine: i386
>Description:
src/usr.bin/passwd/Makefile includes the following fragment:

.if (${MKKERBEROS} != "no")
CPPFLAGS+= -DKERBEROS5 -I${DESTDIR}/usr/include/krb5
SRCS+=  krb5_passwd.c

LDADD+= -lkrb5 -lcrypto -lasn1 -lcom_err -lroken -lcrypt
.endif

But the resulting executable only tries to use kerberos features
if its argv[0] is "kpasswd". The kpasswd(1) installed is the one from
Heimdal, though (crypto/dist/heimdal/kpasswd).
We should decide what we want, it doesn't make sense to compile in
code that won't be used.
>How-To-Repeat:
Read src/usr.bin/passwd/Makefile and src/usr.bin/kpasswd/Makefile
and wonder.
>Fix:
Either
a) install src/usr.bin/passwd as kpasswd, or
b) drop support for kerberos from src/usr.bin/passwd.
Option a) looks better for me since src/usr.bin/passwd provides
more options, but what do I know about kerberos... (nothing).
After the decision for one or the other is made,
passwd should be made to honour the '-4', '-5', '-k', and other
kerberos related flags, or their mention should be dropped from the man
page (passwd -y doesn't work either, btw.).
Then misc/14959 should be handled.
>Release-Note:
>Audit-Trail:
>Unformatted: