I think that making us dependent on Heimdal if we are an ADS DC is
acceptable for the moment, given that we don't have much choice. 

I think it is critical that we _not_ be dependent on Heimdal if we are
not an ADS DC. So if we are an ADS member server, or an NT4-style DC,
or a standalone server then we must be able to build and be fully
functional without Heimdal and without MIT Kerberos. If that means we
have to duplicate some SPNEGO and GSSAPI code then so be it.

This is something that needs to be watched carefully. It would be all
too easy for developers that do have Heimdal to introduce a dependency
that either makes Samba4 not work at all or work only in a crippled
fashion when Heimdal is not present.

