PAC Sucess!

[tridge at samba.org]

Farkas,

 > does this means samba4 will use (the latest'n'gratest) heimdal or it has 
 > it's own kerberos server which was drived from heimdal?

it has a builtin copy of heimdal in source/heimdal/

We hope that once the upstream heimdal has all the necessary hooks and
features (which thanks to lha could well be quite soon!) that we could
also support a build option to use the system heimdal, much like we
support using the system popt library, but have a builtin one as well
in case the system one isn't there.

Futher down the track we might also support using an external MIT
kerberos implementation, if we can get a set of hooks in that make
this possible. This is much less certain, but would be a good thing to
support, if we find it is practical. We don't even have a firm idea of
exactly what those hooks might look like, much less have agreement
from the MIT people to put them in, although we are much closer to
knowing what hooks might be needed than we were a few months ago.

Having the builtin heimdal has allowed us to make _much_ faster
progress with the kerberos part of ADS, and has taught us a lot about
the problem space. That doesn't mean we will only ever support that
setup.

Cheers, Tridge

PS: Andrew Bartlett owns this part of the code, so if he contradicts
any of the above, please believe Andrew and not me :-)