Current ideas on kerberos requirements for Samba4
hartmans at mit.edu
Tue May 24 20:30:42 GMT 2005
>>>>> "Jeremy" == Jeremy Allison <jra at samba.org> writes:
Jeremy> On Tue, May 24, 2005 at 11:34:52AM -0400, Ken Hornstein
>> I think given your requirements, shipping a _basic_ KDC is
>> probably unavoidable. I just wanted to point out that there is
>> a number of us who really want to use our own KDCs with Samba4,
>> and we'd like you to be able to deal with that at some point.
>> I don't think there's a huge amount of work you have to do to
>> make that happen (at least, I hope not).
Jeremy> We'll try and accomodate this, as we have accommodated
Jeremy> people who want to use their own keytabs in Samba3. But
Jeremy> let me tell you that this code (in Samba3) has taken 90%
Jeremy> of the work for less than 10% of the users. Even people
Jeremy> wanting this to work send incorrect, memory-leaking
If you actually do this, I think we'll all be happy. If you even
design to support this model but demand that the people who want it to
work with their own KDCs send in working code, I think we'll be happy.
I completely agree that you need some sort of KDC in the samba
distribution that is known to work with Samba and that is easy to set
up and that hopefully the user doesn't even notice.
However I'm hearing from Andrew that he's choosing a design that will
make it very challenging for people to supply their own KDC and that
is where I have concerns.
More information about the samba-technical