Generating krb5.keytab

Andrew Bartlett abartlet at samba.org
Wed Jun 18 11:06:15 GMT 2008 

On Wed, 2008-06-18 at 13:54 +0300, Sergey Yanovich wrote:
> Oliver Liebel wrote:
> > Andrew Bartlett schrieb:
> >> On Wed, 2008-06-18 at 12:38 +0300, Sergey Yanovich wrote:
> >>> In turn, that this cannot be achieved without reorganizing Kerberos 
> >>> handling inside Samba. At the same time, this isn't about adding new 
> >>> features, just refactoring, and since Samba has a great test suit, it 
> >>> can be done in a controlled and predictable manner.
> >>>     
> >>
> >> You make good points, and seem to be getting to grip with how Samba4's
> >> LDAP backend arrangements are managed, but I still fail to see what this
> >> has to do with Kerberos.
> >>   
> > i agree with andrew. i dont see where this should lead to, since 
> > back-sql for openldap is the
> > last thing to mention about in the moment, as it is still experimental, 
> > slow and you bring a
> > new part into the whole construct, which will surely not stabilize it: 
> > an rdbms.
> > and at this stage it is surely no good idea to -extend- the existing 
> > samba4 schema with some "helpful" things
> > fur users. the main goal is to get samba4/ol work and replicate stable .
> 
> I am not in anyway saying that Samba4 must use ol (thanks for the 
> abbreviation) with mysql back-end. I've just described, what exactly I 
> am trying to achieve, and how the current state of affairs could be
> changed/improved to allow that.
> 
> The whole point is that if it possible to extend Samba4 for so 
> ridiculous purposes ;), it will be much easier for Samba team will to 
> work on the project, and for Samba users to deploy and run it.

Then please, do try to extend it within the existing framework.  We
built it for you to use, so why not build your MySql backend behind the
OpenLDAP backend, and leave the rest as-is?  Just don't ask us to tear
apart the rest of the structure - the design has been quite
deliberate.  

I don't mind the discussion (except it really has become circular), but
until we talk about code it will be your thoughts on what the world
should look like vs our running code, and it doesn't make it a fair
discussion, nor does it help us help you build it.  

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080618/c0e9ae62/attachment.bin

More information about the samba-technical mailing list