Heimdal V.S. MIT on SAMBA4

Andrew Bartlett abartlet at samba.org
Wed Oct 26 22:32:14 GMT 2005

On Wed, 2005-10-26 at 20:06 +0200, Jelmer Vernooij wrote:
> John E. Malmberg wrote:
> > Is there some place that I can get a list of the changes that were
> > done to Heimdal Kerberos for SAMBA 4?
> >
> > I have been told that only one flavor of Kerberos can be active on
> > a system, and I already have the MIT flavor on OpenVMS.

Is this just the general rule (more than one krb5 == pain), or something
extra and specific to OpenVMS?

Because we do not install or rely on shared libraries for krb5 or ldap,
we avoid most of that pain.  (They are just more items in the

> > The maintainer of the MIT port of Kerberos for OpenVMS would like
> > to know what changes to the MIT port would be needed for it to be
> > used.
> The best person to talk to about the modifications that were made to
> Heimdal for Samba 4 is Andrew Bartlett (abartlet at samba.org). There
> were quite a few (large) modifications for Heimdal, so there will be a
> large amount of work involved in allowing MIT to work.

Correct.  I've made some notes in auth/kerberos/kerberos-notes.txt.

Separate to that, I've started to use Heimdal's ASN.1 compiler (which
doesn't rely on the rest of Heimdal) instead of our hand-done ASN.1.
I'm hoping to plug some SPNEGO memory leaks that way...

Frankly, moving to compiling against MIT will require a lot of work on
MIT, and doing it badly could jeopardise the whole Kerberos area in
Samba4.  As such, I had hoped to push this off until after we have a
release out the door, when I hope we will have a final list of
requirements, and might have a chance of doing it 'well'.

(Samba3 has much less use of krb5, and has a very heavy weight of
compatibility glue around its neck.  In particular I don't want that
weight to kill the chance of getting a release out).

Andrew Bartlett
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net