Samba4 and Heimdal Kerberos dependencies
Luke Howard
lukeh at padl.com
Tue Feb 8 23:14:25 GMT 2005
>While GSSAPI is common between many implementations, we also need access
>to functions added to Heimdal by PADL, for their AD implementation (such
>as gsskrb5_extract_authz_data_from_sec_context()). This example allows
>us, as a server, to extract the PAC from an incoming request, without
>needing to separately parse the GSSAPI wrapping.
Also, we contributed a port of the MIT mechanism glue, it is currently
sitting in a branch pending integration. This allows you to dynamically
load different security mechanisms.
>With a few bugfixes in recent times, it is now possible to install
>Heimdal kerberos in a separate prefix (the default is /usr/heimdal), and
>to link Samba4 against it, even while the rest of the system may use
>MIT. Provided we don't get a dependency on OpenSSL, and provided
>Heimdal is not linked with OpenSSL, it all appears to work.
You do want to avoid an OpenSSL dependency, also because Red Hat ships
OpenSSL linked against MIT Kerberos.
-- Luke
--
More information about the samba-technical
mailing list