Samba4 and Heimdal Kerberos dependencies
lukeh at padl.com
Tue Feb 8 23:14:25 GMT 2005
>While GSSAPI is common between many implementations, we also need access
>to functions added to Heimdal by PADL, for their AD implementation (such
>as gsskrb5_extract_authz_data_from_sec_context()). This example allows
>us, as a server, to extract the PAC from an incoming request, without
>needing to separately parse the GSSAPI wrapping.
Also, we contributed a port of the MIT mechanism glue, it is currently
sitting in a branch pending integration. This allows you to dynamically
load different security mechanisms.
>With a few bugfixes in recent times, it is now possible to install
>Heimdal kerberos in a separate prefix (the default is /usr/heimdal), and
>to link Samba4 against it, even while the rest of the system may use
>MIT. Provided we don't get a dependency on OpenSSL, and provided
>Heimdal is not linked with OpenSSL, it all appears to work.
You do want to avoid an OpenSSL dependency, also because Red Hat ships
OpenSSL linked against MIT Kerberos.
More information about the samba-technical