Heimdal V.S. MIT on SAMBA4

John E. Malmberg wb8tyw at qsl.net
Thu Oct 27 01:04:38 GMT 2005

Andrew Bartlett wrote:
>>John E. Malmberg wrote:
>>>Is there some place that I can get a list of the changes that were
>>>done to Heimdal Kerberos for SAMBA 4?
> Is this just the general rule (more than one krb5 == pain), or something
> extra and specific to OpenMVS?

> Because we do not install or rely on shared libraries for krb5 or ldap,
> we avoid most of that pain.  (They are just more items in the
> objectlist).

I really do not know at this point, my suspicion is that the person 
thinks that SAMBA is taking over the Kerberos Server ports and not just 
being a client.
>>>The maintainer of the MIT port of Kerberos for OpenVMS would like
>>>to know what changes to the MIT port would be needed for it to be
> Correct.  I've made some notes in auth/kerberos/kerberos-notes.txt.
> Separate to that, I've started to use Heimdal's ASN.1 compiler (which
> doesn't rely on the rest of Heimdal) instead of our hand-done ASN.1.
> I'm hoping to plug some SPNEGO memory leaks that way...

And at this point, I have no idea what that means. :-)

> Frankly, moving to compiling against MIT will require a lot of work on
> MIT, and doing it badly could jeopardise the whole Kerberos area in
> Samba4.  As such, I had hoped to push this off until after we have a
> release out the door, when I hope we will have a final list of
> requirements, and might have a chance of doing it 'well'.
> (Samba3 has much less use of krb5, and has a very heavy weight of
> compatibility glue around it's neck.  In particular I don't want that
> weight to kill the chance of getting a release out).

I understand, I am just being a middle-man on this, and I will forward 
your notes to the Kerberos maintainer for OpenVMS.  Right now my focus 
is just getting something to build.

wb8tyw at qsl.net
Personal Opinion Only

More information about the samba-technical mailing list