Generating krb5.keytab

Sergey Yanovich ynvich at
Thu Jun 12 08:08:23 GMT 2008

Andrew Bartlett wrote:
> When we finish the work to use Heimdal externally, it will be trivial to
> package a '' that the kadmind (or an externally launched
> KDC if someone is mad enough to want that) would be quite happy to load,
> should that be how you wish to manage it.  We already implement the enum
> and a few other methods that the KDC will never use, just for this
> case :-)

There may be a few points to consider:
1. Samba will probably be much happier in the long run, if it manages to 
put '' (and 'win_dc' plugin as well) into Heimdal's tree, 
so that it is updated/patched together with the rest of their code.

2. When a Linux-minded person reads that Samba uses Heimdal KDC under the 
hood, the person immediately installs Heimdal's client tools, and tries 
to launch kadmin on the server. When the server replies negatively, the 
person glances at the docs, and after no clues are found there, writes to the 
mailing list. The person may optionally try to find the solution in the 
source code, but that doesn't change much ATM ;)

3. Using an external KDC is a solution that addresses both 1. and 2. from 
above. However, the solution seems to be in the distant future. However, 
there is a half-way solution: internally build the external KDC with the 
proposed Samba-related patches. This will require an /etc/init.d-style 
script to launch that KDC after Samba, similarly to how smbd is launched 
after nmbd in Samba 3.

Sergey Yanovich
Abstract Accounting Ltd.

More information about the samba-technical mailing list