svn commit: samba r7291 - in branches/SAMBA_4_0/source/auth/kerberos: .
abartlet at samba.org
Sun Jun 5 04:17:08 GMT 2005
Author: abartlet
Date: 2005-06-05 04:17:08 +0000 (Sun, 05 Jun 2005)
New Revision: 7291
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=7291
Log:
Additional notes on what we require from a kerberos implementation.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt
Changeset:
Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt
===================================================================
--- branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt 2005-06-05 02:20:12 UTC (rev 7290)
+++ branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt 2005-06-05 04:17:08 UTC (rev 7291)
@@ -67,7 +67,7 @@
any explicit entry.
-Jean-Baptiste.Marchand at hsc.fr remainds me:
+Jean-Baptiste.Marchand at hsc.fr reminds me:
> This is the SPNMappings attribute in Active Directory:
@@ -219,6 +219,41 @@
I also now specify the kerberos principal as an explict parameter, not
an in/out value on the entry itself.
+libkdc
+------
+Samba4 needs to be built as a single binary (design requirement), and
+this should include the KDC. Samba also (and perhaps more
+importantly) needs to control the configuration environment of the
+KDC.
+The interface we have defined for libkdc allow for packet injection
+into the post-socket layer, with a defined krb5_context and
+kdb5_kdc_configuration structure. These effectively redirect the
+kerberos warnings, logging and database calls as we require.
+Using our socket lib
+--------------------
+
+An important detail in the use of libkdc is that we use our own socket
+lib. This allows the KDC code to be as portable as the rest of samba
+(this cuts both ways), but far more importantly it ensures a
+consistancy in the handling of requests, binding to sockets etc.
+
+To handle TCP, we will use of our socket layer in much the same way as
+we deal with TCP for CIFS.
+
+Kerberos logging support
+------------------------
+
+Samba now (optionally in the main code, required for the KDC) uses the
+krb5_log_facility from Heimdal. This allows us to redirect the
+warnings and status from the KDC (and client/server kerberos code) to
+Samba's DEBUG() system.
+
+We have added krb5_freelog() to be the opposite of krb5_initlog(), and
+ensure we do not leak memeory in this operation. (krb5_closelog() does
+not free everything that krb5_initlog creates).
+
+
+
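Review bot: In the "Kerberos logging support" section, the krb5_freelog() paragraph says krb5_closelog() does not free everything that krb5_initlog creates, but it does not say what callers should now do. Please state whether krb5_freelog() replaces krb5_closelog() or is called after it, so the teardown order is unambiguous. In the libkdc section, "kdb5_kdc_configuration" sits next to "krb5_context"; please confirm the kdb5_ prefix is intended. The TCP paragraph only says it will work "in much the same way as we deal with TCP for CIFS"; a sentence on which layer does the framing and length checks before packets are injected into libkdc would help. Spelling in the added lines: "allow for" should be "allows for", "consistancy" should be "consistency", "we will use of our socket layer" should be "we will use our socket layer", and "memeory" should be "memory"; the context line just above the additions also has "explict".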