Subject: [bug#67555] [PATCH 0/2] Add Heimdal Kerberos system services.
From: Felix Lechner <felix.lechner@HIDDEN>
Date: Thu, 30 Nov 2023 16:42:20 -0800
Message-ID: <cover.1701390969.git.felix.lechner@HIDDEN>
To: 67555 <at> debbugs.gnu.org

Hi,

This patch series offers system services for Heimdal Kerberos. I have been using them in production.

The patch includes the documentation and system tests for each service.

As always, I struggled with the commit messages in the official GNU ChangeLog format. Please take what you like and adjust as needed.

Kind regards
Felix

Felix Lechner (2):
  services: kerberos.scm: Rename krb5-service-type and krb5-configuration.
  services: kerberos/heimdal.scm: New file, add Heimdal Kerberos services.

 doc/guix.texi                     | 117 ++++++++++++++++--
 gnu/local.mk                      |   3 +
 gnu/services/kerberos.scm         | 133 ++++++++++++++++++++-
 gnu/services/kerberos/heimdal.scm | 189 ++++++++++++++++++++++++++++++
 gnu/tests/heimdal-kadmind.scm     |  71 +++++++++++
 gnu/tests/heimdal-kdc.scm         |  71 +++++++++++
 6 files changed, 570 insertions(+), 14 deletions(-)
 create mode 100644 gnu/services/kerberos/heimdal.scm
 create mode 100644 gnu/tests/heimdal-kadmind.scm
 create mode 100644 gnu/tests/heimdal-kdc.scm

base-commit: 2b782f67266b42bb40015bd23ce2443be2f9b01f
--
2.41.0

Subject: [bug#67555] [PATCH 1/2] services: kerberos.scm: Rename krb5-service-type and krb5-configuration.
From: Felix Lechner <felix.lechner@HIDDEN>
Date: Thu, 30 Nov 2023 16:45:11 -0800
Message-ID: <7f5ebe249e930c046dafdfc3fb31985d5b820b07.1701390969.git.felix.lechner@HIDDEN>
In-Reply-To: <cover.1701390969.git.felix.lechner@HIDDEN>

In preparation for a nearby commit that will add actual Kerberos services to Guix, the older names were made more specific.

The original names were misleading and too generic. The krb5-service-type provided no service at all but merely created a file at /etc/krb5.conf that is needed to associate equipment with a Kerberos realm.

The original names further suggested that at least some of the needed servers might be started, making it necessary to clarify otherwise in the documentation.

Change-Id: I951c16aedcf1141d7d947f984cf89c22d3cc96ce
---
 doc/guix.texi             | 16 ++++++++--------
 gnu/services/kerberos.scm | 19 ++++++++++++++-----
 2 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 1fd2e21608..a5119d2058 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -29963,10 +29963,10 @@ Kerberos Services @subsection Kerberos Services @cindex Kerberos -The @code{(gnu services kerberos)} module provides services relating to -the authentication protocol @dfn{Kerberos}. +@subsubheading Krb5 Association Service -@subsubheading Krb5 Service +The @code{(gnu services kerberos)} module provides miscellaneous +services relating to the authentication protocol @dfn{Kerberos}. Programs using a Kerberos client library normally expect a configuration file in @file{/etc/krb5.conf}. @@ -29978,15 +29978,15 @@ Kerberos Services This service is known to work with the MIT client library, @code{mit-krb5}. Other implementations have not been tested. -@defvar krb5-service-type +@defvar krb5-association-service-type A service type for Kerberos 5 clients. @end defvar @noindent Here is an example of its use: @lisp -(service krb5-service-type - (krb5-configuration +(service krb5-association-service-type + (krb5-association-configuration (default-realm "EXAMPLE.COM") (allow-weak-crypto? #t) (realms (list @@ -30010,7 +30010,7 @@ Kerberos Services @item Accepts services which only support encryption types known to be weak. @end itemize -The @code{krb5-realm} and @code{krb5-configuration} types have many fields. +The @code{krb5-realm} and @code{krb5-association-configuration} types have many fields. Only the most commonly used ones are described here. For a full list, and more detailed explanation of each, see the MIT @uref{https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html,,krb5.conf} @@ -30035,7 +30035,7 @@ Kerberos Services @end table @end deftp -@deftp {Data Type} krb5-configuration +@deftp {Data Type} krb5-association-configuration @table @asis @item @code{allow-weak-crypto?} (default: @code{#f}) diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index a6f540a9b6..ec9b6c10b5 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm 
@@ -20,6 +20,7 @@ (define-module (gnu services kerberos) #:use-module (gnu services) #:use-module (gnu services configuration) #:use-module (gnu system pam) + #:use-module (guix deprecation) #:use-module (guix gexp) #:use-module (guix records) #:use-module (srfi srfi-1) @@ -33,6 +34,10 @@ (define-module (gnu services kerberos) krb5-realm krb5-realm? + krb5-association-configuration + krb5-association-configuration? + krb5-association-service-type + krb5-configuration krb5-configuration? krb5-service-type)) @@ -228,7 +233,7 @@ (define-configuration krb5-realm ;; For a more detailed explanation of these fields see man 5 krb5.conf -(define-configuration krb5-configuration +(define-configuration krb5-association-configuration (allow-weak-crypto? (boolean/unset unset-field) "If true, permits access to services which only offer weak encryption.") @@ -394,20 +399,20 @@ (define-configuration krb5-configuration "The list of realms which clients may access.")) -(define (krb5-configuration-file config) +(define (krb5-association-configuration-file config) "Create a Kerberos 5 configuration file based on CONFIG" (mixed-text-file "krb5.conf" "[libdefaults]\n\n" (with-output-to-string (lambda () (serialize-configuration config - krb5-configuration-fields))))) + krb5-association-configuration-fields))))) (define (krb5-etc-service config) - (list `("krb5.conf" ,(krb5-configuration-file config)))) + (list `("krb5.conf" ,(krb5-association-configuration-file config)))) -(define krb5-service-type +(define krb5-association-service-type (service-type (name 'krb5) (extensions (list (service-extension etc-service-type 
@@ -416,6 +421,10 @@ (define krb5-service-type normally expect a configuration file in @file{/etc/krb5.conf}. This service generates such a file. It does not cause any daemon to be started."))) +(define-deprecated krb-configuration krb5-association-configuration) +(define-deprecated krb-configuration? krb5-association-configuration?) +(define-deprecated krb-service-type krb5-association-service-type) + (define-record-type* <pam-krb5-configuration> -- 2.41.0
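
Review bot: In the last gnu/services/kerberos.scm hunk of patch 1/2 (after the krb5-association-service-type definition), the three deprecated aliases are spelled krb-configuration, krb-configuration? and krb-service-type, without the "5", while the #:export list in the first kerberos.scm hunk still exports krb5-configuration, krb5-configuration? and krb5-service-type. Nothing in the visible changes defines those exported krb5- names any more, so a configuration that still uses krb5-service-type would break at this commit instead of receiving a deprecation warning. Suggest defining the aliases under the old krb5- names in this commit so that it works on its own.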
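
Review bot: In the first doc/guix.texi hunk of patch 1/2, the new "@subsubheading Krb5 Association Service" line is placed before the paragraph that introduces the (gnu services kerberos) module, so the module-level introduction now sits under the first service's heading rather than above all of the Kerberos services. Suggest keeping the module paragraph directly under "@subsection Kerberos Services" and putting the renamed subheading after it.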
Subject: [bug#67555] [PATCH 2/2] services: kerberos/heimdal.scm: New file, add Heimdal Kerberos services.
From: Felix Lechner <felix.lechner@HIDDEN>
Date: Thu, 30 Nov 2023 16:45:12 -0800
Message-ID: <b0b0e3ebe07b86a83295bce34a81a71daba2fd89.1701390970.git.felix.lechner@HIDDEN>
In-Reply-To: <cover.1701390969.git.felix.lechner@HIDDEN>

Includes detailed documentation and two system tests.

Change-Id: I7b3a9da1340b559f1db8a8156581e73b918cfb78
---
 doc/guix.texi                     | 101 +++++++++++++++-
 gnu/local.mk                      |   3 +
 gnu/services/kerberos.scm         | 120 ++++++++++++++++++-
 gnu/services/kerberos/heimdal.scm | 189 ++++++++++++++++++++++++++++++
 gnu/tests/heimdal-kadmind.scm     |  71 +++++++++++
 gnu/tests/heimdal-kdc.scm         |  71 +++++++++++
 6 files changed, 551 insertions(+), 4 deletions(-)
 create mode 100644 gnu/services/kerberos/heimdal.scm
 create mode 100644 gnu/tests/heimdal-kadmind.scm
 create mode 100644 gnu/tests/heimdal-kdc.scm

diff --git a/doc/guix.texi b/doc/guix.texi index a5119d2058..ecb85771ad 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -29979,7 +29979,8 @@ Kerberos Services Other implementations have not been tested. @defvar krb5-association-service-type -A service type for Kerberos 5 clients. +A service type for Kerberos 5 clients. This service type was previously +named @code{krb5-service-type}. @end defvar @noindent @@ -30037,6 +30038,8 @@ Kerberos Services @deftp {Data Type} krb5-association-configuration +This configuration record was previously named @code{krb5-configuration}. + @table @asis @item @code{allow-weak-crypto?} (default: @code{#f}) If this flag is @code{#t} then services which only offer encryption algorithms 
@@ -30059,6 +30062,102 @@ Kerberos Services @end deftp +@subsubheading Heimdal Key Distribution (Kdc) Service + +The @code{(gnu services kerberos heimdal)} module provides services +related to the @dfn{Heimdal} implementation for the authentication +protocol @dfn{Kerberos}. + +This service starts the @dfn{Kerberos Key Distribution Center} +server. The server will remain running. + +Kerberos client programs can obtain the location of this server from a +configuration file at @file{/etc/krb5.conf}. You may wish to create that +file separately via the @code{krb5-association-service-type}. + +@c %start of fragment +@deftp {Data Type} heimdal-kdc-configuration +Available @code{heimdal-kdc-configuration} fields are: + +@table @asis +@item @code{heimdal} (default: @code{heimdal}) (type: file-like) +The heimdal package to use. + +@item @code{config-file} (type: maybe-string) +Configuration file for Heimdal KDC server. + +@item @code{require-preauth?} (default: @code{#t}) (type: boolean) +Require pre-authentication in the initial AS-REQ for all principals. + +@item @code{max-request-size} (type: maybe-non-negative-integer) +Maximum size of requests the server is willing to handle. + +@item @code{enable-http?} (default: @code{#f}) (type: boolean) +Listen on port 80 and handle requests encapsulated in HTTP. + +@item @code{v4-realm} (type: maybe-string) +Realm for version 4 requests. + +@item @code{ports} (default: @code{()}) (type: list-of-strings) +Ports to listen on. + +@item @code{addresses} (default: @code{()}) (type: list-of-strings) +Addresses to listen on. + +@item @code{disable-des?} (default: @code{#f}) (type: boolean) +Disable all DES encryption types. + +@end table + +@end deftp +@c %end of fragment + + +@subsubheading Heimdal Admin (Kadmind) Service + +The @code{(gnu services kerberos heimdal)} module provides services +related to the @dfn{Heimdal} implementation for the authentication +protocol @dfn{Kerberos}. 
+ +This service starts the @dfn{Kerberos Administration} server. The server +will remain running. + +Kerberos client programs can obtain the location of the server from a +configuration file at @file{/etc/krb5.conf}. You may wish to create that +file separately via the @code{krb5-association-service-type}. + +@c %start of fragment +@deftp {Data Type} heimdal-kadmind-configuration +Available @code{heimdal-kadmind-configuration} fields are: + +@table @asis +@item @code{heimdal} (default: @code{heimdal}) (type: file-like) +The heimdal package to use. + +@item @code{config-file} (type: maybe-string) +Configuration file for Heimdal Kadmind server. + +@item @code{key-file} (type: maybe-string) +Location of master key file. + +@item @code{keytab} (type: maybe-string) +Kerberos keytab to use. + +@item @code{realm} (type: maybe-string) +Kerberos realm to serve. + +@item @code{debug?} (default: @code{#f}) (type: boolean) +Enable debugging. + +@item @code{ports} (default: @code{()}) (type: list-of-strings) +Ports to listen on. + +@end table + +@end deftp +@c %end of fragment + + @subsubheading PAM krb5 Service @cindex pam-krb5 diff --git a/gnu/local.mk b/gnu/local.mk index a82372527e..64cda5b8b6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -695,6 +695,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/guix.scm \ %D%/services/hurd.scm \ %D%/services/kerberos.scm \ + %D%/services/kerberos/heimdal.scm \ %D%/services/ldap.scm \ %D%/services/lightdm.scm \ %D%/services/linux.scm \ @@ -790,6 +791,8 @@ GNU_SYSTEM_MODULES = \ %D%/tests/ganeti.scm \ %D%/tests/gdm.scm \ %D%/tests/guix.scm \ + %D%/tests/heimdal-kadmind.scm \ + %D%/tests/heimdal-kdc.scm \ %D%/tests/monitoring.scm \ %D%/tests/nfs.scm \ %D%/tests/image.scm \ diff --git a/gnu/services/kerberos.scm b/gnu/services/kerberos.scm index ec9b6c10b5..432f205904 100644 --- a/gnu/services/kerberos.scm +++ b/gnu/services/kerberos.scm 
@@ -421,9 +421,123 @@ (define krb5-association-service-type normally expect a configuration file in @file{/etc/krb5.conf}. This service generates such a file. It does not cause any daemon to be started."))) -(define-deprecated krb-configuration krb5-association-configuration) -(define-deprecated krb-configuration? krb5-association-configuration?) -(define-deprecated krb-service-type krb5-association-service-type) +(define-deprecated krb5-service-type krb5-association-service-type) + +(define-deprecated/public-alias + krb5-configuration + krb5-association-configuration) +(define-deprecated/public-alias + krb5-configuration? + krb5-association-configuration?) + +(define-deprecated/public-alias + krb5-configuration-allow-weak-crypto? + krb5-association-configuration-allow-weak-crypto?) +(define-deprecated/public-alias + krb5-configuration-ap-req-checksum-type + krb5-association-configuration-ap-req-checksum-type) +(define-deprecated/public-alias + krb5-configuration-canonicalize? + krb5-association-configuration-canonicalize?) 
+(define-deprecated/public-alias + krb5-configuration-ccache-type + krb5-association-configuration-ccache-type) +(define-deprecated/public-alias + krb5-configuration-clockskew + krb5-association-configuration-clockskew) +(define-deprecated/public-alias + krb5-configuration-default-ccache-name + krb5-association-configuration-default-ccache-name) +(define-deprecated/public-alias + krb5-configuration-default-client-keytab-name + krb5-association-configuration-default-client-keytab-name) +(define-deprecated/public-alias + krb5-configuration-default-keytab-name + krb5-association-configuration-default-keytab-name) +(define-deprecated/public-alias + krb5-configuration-default-realm + krb5-association-configuration-default-realm) +(define-deprecated/public-alias + krb5-configuration-default-tgs-enctypes + krb5-association-configuration-default-tgs-enctypes) +(define-deprecated/public-alias + krb5-configuration-default-tkt-enctypes + krb5-association-configuration-default-tkt-enctypes) +(define-deprecated/public-alias + krb5-configuration-dns-canonicalize-hostname? + krb5-association-configuration-dns-canonicalize-hostname?) +(define-deprecated/public-alias + krb5-configuration-dns-lookup-kdc? + krb5-association-configuration-dns-lookup-kdc?) +(define-deprecated/public-alias + krb5-configuration-err-fmt + krb5-association-configuration-err-fmt) +(define-deprecated/public-alias + krb5-configuration-forwardable? + krb5-association-configuration-forwardable?) +(define-deprecated/public-alias + krb5-configuration-ignore-acceptor-hostname? + krb5-association-configuration-ignore-acceptor-hostname?) +(define-deprecated/public-alias + krb5-configuration-k5login-authoritative? + krb5-association-configuration-k5login-authoritative?) 
+(define-deprecated/public-alias + krb5-configuration-k5login-directory + krb5-association-configuration-k5login-directory) +(define-deprecated/public-alias + krb5-configuration-kcm-mach-service + krb5-association-configuration-kcm-mach-service) +(define-deprecated/public-alias + krb5-configuration-kcm-socket + krb5-association-configuration-kcm-socket) +(define-deprecated/public-alias + krb5-configuration-kdc-default-options + krb5-association-configuration-kdc-default-options) +(define-deprecated/public-alias + krb5-configuration-kdc-timesync + krb5-association-configuration-kdc-timesync) +(define-deprecated/public-alias + krb5-configuration-kdc-req-checksum-type + krb5-association-configuration-kdc-req-checksum-type) +(define-deprecated/public-alias + krb5-configuration-noaddresses? + krb5-association-configuration-noaddresses?) +(define-deprecated/public-alias + krb5-configuration-permitted-enctypes + krb5-association-configuration-permitted-enctypes) +(define-deprecated/public-alias + krb5-configuration-plugin-base-dir + krb5-association-configuration-plugin-base-dir) +(define-deprecated/public-alias + krb5-configuration-preferred-preauth-types + krb5-association-configuration-preferred-preauth-types) +(define-deprecated/public-alias + krb5-configuration-proxiable? + krb5-association-configuration-proxiable?) +(define-deprecated/public-alias + krb5-configuration-rdns? + krb5-association-configuration-rdns?) 
+(define-deprecated/public-alias + krb5-configuration-realm-try-domains + krb5-association-configuration-realm-try-domains) +(define-deprecated/public-alias + krb5-configuration-renew-lifetime + krb5-association-configuration-renew-lifetime) +(define-deprecated/public-alias + krb5-configuration-safe-checksum-type + krb5-association-configuration-safe-checksum-type) +(define-deprecated/public-alias + krb5-configuration-ticket-lifetime + krb5-association-configuration-ticket-lifetime) +(define-deprecated/public-alias + krb5-configuration-udp-preference-limit + krb5-association-configuration-udp-preference-limit) +(define-deprecated/public-alias + krb5-configuration-verify-ap-rereq-nofail? + krb5-association-configuration-verify-ap-rereq-nofail?) +(define-deprecated/public-alias + krb5-configuration-realms + krb5-association-configuration-realms) diff --git a/gnu/services/kerberos/heimdal.scm b/gnu/services/kerberos/heimdal.scm new file mode 100644 index 0000000000..0dc17f6315 --- /dev/null +++ b/gnu/services/kerberos/heimdal.scm 
@@ -0,0 +1,189 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2023 Felix Lechner <felix.lechner@HIDDEN> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu services kerberos heimdal) + #:use-module (gnu packages kerberos) + #:use-module (gnu services) + #:use-module (gnu services configuration) + #:use-module (gnu services shepherd) + #:use-module (guix gexp) + #:use-module (guix records) + #:use-module (ice-9 match) + #:export (heimdal-kdc-configuration + heimdal-kdc-service-type + heimdal-kadmind-configuration + heimdal-kadmind-service-type)) + + +;;; +;;; Heimdal Kdc +;;; + +(define-maybe/no-serialization string) + +(define (non-negative-integer? val) + (and (exact-integer? val) (not (negative? val)))) + +(define-maybe/no-serialization non-negative-integer) + +(define-configuration/no-serialization heimdal-kdc-configuration + (heimdal + (file-like heimdal) + "The heimdal package to use.") + (config-file + maybe-string + "Configuration file for Heimdal KDC server.") + (require-preauth? + (boolean #t) + "Require pre-authentication in the initial AS-REQ for all principals.") + (max-request-size + maybe-non-negative-integer + "Maximum size of requests the server is willing to handle.") + (enable-http? 
+ (boolean #f) + "Listen on port 80 and handle requests encapsulated in HTTP.") + (v4-realm + maybe-string + "Realm for version 4 requests.") + (ports + (list-of-strings '()) + "Ports to listen on.") + (addresses + (list-of-strings '()) + "Addresses to listen on.") + (disable-des? + (boolean #f) + "Disable all DES encryption types.")) + +(define (heimdal-kdc-shepherd-service config) + "Return a <shepherd-service> for Heimdal's kdc for CONFIG." + (match-record config + <heimdal-kdc-configuration> (heimdal config-file require-preauth? + max-request-size enable-http? + v4-realm ports addresses + disable-des?) + (shepherd-service + (documentation "Run the Heimdal Kerberos KDC daemon (heimdal-kdc).") + (provision '(heimdal-kdc)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + (list #$(file-append heimdal "/libexec/kdc") + #$@(if (maybe-value-set? config-file) + `(,(string-append "--config-file=" (maybe-value config-file))) + '()) + #$@(if require-preauth? '() '("--no-require-preauth")) + #$@(if (maybe-value-set? max-request-size) + `(,(string-append + "--max-request-size=" + (number->string (maybe-value max-request-size)))) + '()) + #$@(if enable-http? '("--enable-http") '()) + #$@(if (maybe-value-set? v4-realm) + `(,(string-append "--v4-realm=" (maybe-value v4-realm))) + '()) + ;; ports parameter is white-space separated + #$@(if (null? ports) + '() + `(,(string-append "--ports=" (string-join ports)))) + ;; addresses parameter is white-space separated + #$@(if (null? addresses) + '() + `(,(string-append "--addresses=" (string-join addresses)))) + #$@(if disable-des? 
'("--disable-des") '())) + #:log-file "/var/log/kdc-shepherd")) + (stop #~(make-kill-destructor))))) + +(define heimdal-kdc-service-type + (service-type + (name 'heimdal-kdc) + (description + "Run the Heimdal @command{kdc} daemon.") + (extensions + (list + (service-extension shepherd-root-service-type + (compose list heimdal-kdc-shepherd-service)))) + (default-value (heimdal-kdc-configuration)))) + + +;;; +;;; Heimdal Kadmind +;;; + +(define-configuration/no-serialization heimdal-kadmind-configuration + (heimdal + (file-like heimdal) + "The heimdal package to use.") + (config-file + maybe-string + "Configuration file for Heimdal Kadmind server.") + (key-file + maybe-string + "Location of master key file.") + (keytab + maybe-string + "Kerberos keytab to use.") + (realm + maybe-string + "Kerberos realm to serve.") + (debug? + (boolean #f) + "Enable debugging.") + (ports + (list-of-strings '()) + "Ports to listen on.")) + +(define (heimdal-kadmind-shepherd-service config) + "Return a <shepherd-service> for Heimdal's kadmind for CONFIG." + (match-record config + <heimdal-kadmind-configuration> (heimdal config-file key-file keytab + realm debug? ports) + (shepherd-service + (documentation "Run the Heimdal Kerberos admin daemon (heimdal-kadmind).") + (provision '(heimdal-kadmind)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + (list #$(file-append heimdal "/libexec/kadmind") + #$@(if (maybe-value-set? config-file) + `(,(string-append "--config-file=" (maybe-value config-file))) + '()) + #$@(if (maybe-value-set? key-file) + `(,(string-append "--key-file=" (maybe-value key-file))) + '()) + #$@(if (maybe-value-set? keytab) + `(,(string-append "--keytab=" (maybe-value keytab))) + '()) + #$@(if (maybe-value-set? realm) + `(,(string-append "--realm=" (maybe-value realm))) + '()) + #$@(if debug? '("--debug") '()) + ;; ports parameter is white-space separated + #$@(if (null? 
ports) + '() + `(,(string-append "--ports=" (string-join ports))))))) + (stop #~(make-kill-destructor))))) + +(define heimdal-kadmind-service-type + (service-type + (name 'heimdal-kadmind) + (description + "Run the Heimdal @command{kadmind} daemon.") + (extensions + (list + (service-extension shepherd-root-service-type + (compose list heimdal-kadmind-shepherd-service)))) + (default-value (heimdal-kadmind-configuration)))) diff --git a/gnu/tests/heimdal-kadmind.scm b/gnu/tests/heimdal-kadmind.scm new file mode 100644 index 0000000000..b340017c69 --- /dev/null +++ b/gnu/tests/heimdal-kadmind.scm 
@@ -0,0 +1,71 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@HIDDEN> +;;; Copyright © 2022 Bruno Victal <mirai@HIDDEN> +;;; Copyright © 2023 Felix Lechner <felix.lechner@HIDDEN> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu tests heimdal-kadmind) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services kerberos heimdal) + #:use-module (gnu services networking) + #:use-module (guix gexp) + #:export (%test-heimdal-kadmind)) + +(define %heimdal-kadmind-os + (simple-operating-system + (service dhcp-client-service-type) + (service heimdal-kadmind-service-type))) + +(define (run-heimdal-kadmind-test) + "Run tests in %heimdal-kadmind-os, which has heimdal-kadmind running." 
+ (define os + (marionette-operating-system + %heimdal-kadmind-os + #:imported-modules '((gnu services herd)))) + + (define vm + (virtual-machine os)) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (gnu build marionette)) + (define marionette + (make-marionette (list #$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "heimdal-kadmind") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'heimdal-kadmind)) + marionette)) + + (test-end)))) + (gexp->derivation "heimdal-kadmind-test" test)) + +(define %test-heimdal-kadmind + (system-test + (name "heimdal-kadmind") + (description "Test that the heimdal-kadmind runs when started.") + (value (run-heimdal-kadmind-test)))) diff --git a/gnu/tests/heimdal-kdc.scm b/gnu/tests/heimdal-kdc.scm new file mode 100644 index 0000000000..b6424ace9e --- /dev/null +++ b/gnu/tests/heimdal-kdc.scm 
@@ -0,0 +1,71 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@HIDDEN> +;;; Copyright © 2022 Bruno Victal <mirai@HIDDEN> +;;; Copyright © 2023 Felix Lechner <felix.lechner@HIDDEN> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu tests heimdal-kdc) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services kerberos heimdal) + #:use-module (gnu services networking) + #:use-module (guix gexp) + #:export (%test-heimdal-kdc)) + +(define %heimdal-kdc-os + (simple-operating-system + (service dhcp-client-service-type) + (service heimdal-kdc-service-type))) + +(define (run-heimdal-kdc-test) + "Run tests in %heimdal-kdc-os, which has heimdal-kdc running." 
+ (define os + (marionette-operating-system + %heimdal-kdc-os + #:imported-modules '((gnu services herd)))) + + (define vm + (virtual-machine os)) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (gnu build marionette)) + (define marionette + (make-marionette (list #$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "heimdal-kdc") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'heimdal-kdc)) + marionette)) + + (test-end)))) + (gexp->derivation "heimdal-kdc-test" test)) + +(define %test-heimdal-kdc + (system-test + (name "heimdal-kdc") + (description "Test that the heimdal-kdc runs when started.") + (value (run-heimdal-kdc-test)))) -- 2.41.0
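Review bot: in gnu/services/kerberos/heimdal.scm, the disable-des? field of heimdal-kdc-configuration defaults to #f, so the generated kdc command line never carries --disable-des unless the administrator opts in. The neighbouring require-preauth? field already defaults to the safer #t; the DES switch should be secure by default as well, for example by defaulting it to #t or by renaming it enable-des? with a default of #f. In the same hunk only the kdc constructor passes #:log-file, hard-coded to "/var/log/kdc-shepherd", while the kadmind constructor sets none, so a log-file field on both records would make the two services consistent and let their logs be routed deliberately. The ports fields are list-of-strings with no check that an entry is a port number before it is joined into --ports=, and the docstrings for key-file and keytab say nothing about the ownership or permissions expected of those secret-bearing files; both are worth tightening before merge.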
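Review bot: in gnu/tests/heimdal-kadmind.scm the single assertion, "service is running", only checks the value returned by start-service, and %heimdal-kadmind-os boots the default heimdal-kadmind-configuration with no realm, key-file, keytab or config-file set. The test therefore passes once the process has been forked and would not notice kadmind exiting right afterwards for lack of a database or keytab. Suggest provisioning a minimal realm in the test operating system and asserting on something the daemon does after startup, such as its port accepting connections or the service still being reported as running a moment later.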
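Review bot: gnu/tests/heimdal-kdc.scm repeats the kadmind test with only the service name swapped, and it boots heimdal-kdc-service-type with its default value, so none of the argument-building branches in heimdal-kdc-shepherd-service (--no-require-preauth, --max-request-size=, --ports=, --addresses=, --disable-des) is exercised. Suggest a single test module with one helper parameterized on the service, plus a second operating-system declaration that sets non-default fields, so that a regression in how the kdc command line is assembled shows up in the test run. The 2017 and 2022 copyright lines at the top of this new file also look carried over from another test and should be confirmed or dropped.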
Subject: [bug#67555] [PATCH 0/2] Add Heimdal Kerberos system services.
From: Jonathan Brielmaier <jonathan.brielmaier@HIDDEN>
To: 67555 <at> debbugs.gnu.org
Date: Fri, 15 Dec 2023 18:01:00 +0100
Message-ID: <4fb9c9ae-5079-29f5-0e14-cecfb14c9428@HIDDEN>
In-Reply-To: <cover.1701390969.git.felix.lechner@HIDDEN>

Hi Felix,

you could do the commit message like the following.

```
[PATCH 2/2] services: Add Heimdal Kerberos services.

* gnu/services/kerberos.scm: Define deprecation variables for previous
krb5 configuration.
* gnu/services/kerberos/heimdal.scm: New file.
* gnu/tests/heimdal-kadmind.scm: New file.
* gnu/tests/heimdal-kdc.scm: New file.
* doc/guix.texi (Kerberos Services): Adapt documentation and add
sub-sections for Heimdal key distribution service and Heimdal admin service.
* gnu/local.mk (GNU_SYSTEM_MODULES): register new files.
```

Thumbs-up for providing tests :)

~Jonathan
Subject: Re: [bug#67555] [PATCH 2/2] services: kerberos/heimdal.scm: New file, add Heimdal Kerberos services.
From: Bruno Victal <mirai@HIDDEN>
To: Felix Lechner <felix.lechner@HIDDEN>
Cc: 67555 <at> debbugs.gnu.org
Date: Sat, 16 Dec 2023 21:35:16 +0000
Message-ID: <938be86c-3269-4bb1-b6f9-6e4732d6515d@HIDDEN>
In-Reply-To: <b0b0e3ebe07b86a83295bce34a81a71daba2fd89.1701390970.git.felix.lechner@HIDDEN>

Hi Felix,

On 2023-12-01 00:45, Felix Lechner wrote:
> + (ports
> + (list-of-strings '())
> + "Ports to listen on.")

I'd prefer to use a list of exact-integers. (*)
Hint: you can use the procedures in (gnu services configuration) to define this predicate with (list-of exact-integer?).

> + (disable-des?
> + (boolean #f)
> + "Disable all DES encryption types."))

I'd avoid the double negative here, i.e. by naming this enable-des?.
Another note, how about defaulting to disabled DES support to discourage its use?

> + (start #~(make-forkexec-constructor
> + (list #$(file-append heimdal "/libexec/kdc")
> + #$@(if (maybe-value-set? config-file)
> + `(,(string-append "--config-file=" (maybe-value config-file)))
> + '())

Simply do: `(,(string-append "--config-file=" config-file))

You don't need to use 'maybe-value' to extract the value if you've already tested it with 'maybe-value-set?'.

> + #:log-file "/var/log/kdc-shepherd"))

I'd make this configurable in <heimdal-kdc-configuration>.

> + (ports
> + (list-of-strings '())
> + "Ports to listen on."))

See (*).

> +;;; GNU Guix --- Functional package management for GNU
> +;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@HIDDEN>
> +;;; Copyright © 2022 Bruno Victal <mirai@HIDDEN>

Copy-paste leftovers perhaps? 😅

> new file mode 100644
> index 0000000000..b6424ace9e
> --- /dev/null
> +++ b/gnu/tests/heimdal-kdc.scm

How about merging these tests under a single gnu/tests/krb-heimdal.scm instead of splitting them as gnu/tests/heimdal-kadmind.scm and gnu/tests/heimdal-kadmind.scm?

If you're up for it I'd love to see one more test (might involve multiple VMs) that actually tests the kerberos integration. (i.e. performs an actual kerberos test) That way we could be at least sure that there's a working kerberos setup that we can use as a reference point for documentation/cookbooks.

My 2¢!

-- 
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.