Debian update

I didn't post here when it happened, but I have become an official Debian developer. My account was created on the 16th, after considerably less of a wait at the DAM approval stage than I was expecting. I think that's because I did a more task-oriented evaluation that had my AM talking to the DAM all the time, so he was already quite familiar with my application. Still, I feel a touch wry about it, given that other people who applied before I did are still waiting.

Anyway, I've been going through and making minor updates to all of my Debian packages and then uploading them with my new debian.org address (yet another place I've scored "rra" as an account name). I'm almost done; only remctl to go of the packages I maintain myself, and that's only taking a while because I want to release a new upstream version and I'm splitting the package into remctl-client and remctl-server.

I was going to finish that today, but I spent the day debugging libpam-krb5. Alas, my original testing wasn't quite thorough, and it wasn't working correctly with OpenSSH and ChallengeResponse. In that mode (as opposed to the password mode I tested), OpenSSH runs the PAM authenticate call in a subprocess, but then runs the setcred call in a different subprocess. libpam-krb5 was assuming that it could pass data between authenticate and setcred in memory, which fails in that mode. I've come up with a solution that I'm having the maintainer look over before I upload.

In other news, Sam has just uploaded MIT Kerberos 1.4.3 to unstable after a stint in experimental. I had to fix libauthen-krb5-perl for the new version, but for the most part it should just work. The exception is the mod_auth_kerb Apache module, against which I've filed a bug and a patch. Hopefully Ghe can get to that in the next few days, or I may end up needing to do my first NMU.... (It digs into undocumented, unexported guts of the Kerberos library to turn off replay caching, something that broke horribly in 1.4 and something that 1.4 now provides a better way to handle.)

That's most of what's going on. I'm also working on an update to kerberos-configs, but I was a bit too aggressive about the changes that I made and need to back out of a few things and have Sam take a look at it again. I also badly need to update my Debian page, since I've now taken out of my personal repository all the stuff that I'm maintaining directly in Debian proper.