abartlet at pcug.org.au
Mon Nov 12 06:08:02 GMT 2001
"Gerald (Jerry) Carter" wrote:
> On Mon, 12 Nov 2001, Andrew Bartlett wrote:
> > > OK. I'll play devil's advocate here. Have you asked ? Or are we
> > > assuming? Now I will also point out that as I did to Andrew B.
> > > that removing the --with-krb5 option removes certain functionality
> > > that I do not think can be supported in 3.0. Namely, logons
> > > using Kerberos from non-win2000 clients with a non-PAM server
> > > (which there are many).
> > Yes, that problem bothers me. I think we will end up with a new
> > solution that uses the new kerberos code that is complementary to the
> > existing design. In intend to allow PAM (and possibly krb5-plaintext)
> > to be configured at runtime, rather than at compile time. This is
> > actually quite practical with the new auth code.
> You know, I'm glad to hear you say this. This is the first time
> I've heard anyone mention this plan. Will it be done in time for 3.0? :-)
If sombody codes it in time for 3.0...
I'll provide the infrustructure, but I can't say its a priority,
particularly given the viable alternitive (and proven) PAM-based method.
In any case, I'll wait until the new kerberos code is bedded down, so I
have somthing to build on. We will probably loose the ablity to
authenticate SWAT from it, due to linking madness.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical