[IPA] Disabling Heimdal service

Andrew Bartlett abartlet at samba.org
Mon Nov 23 16:59:12 MST 2009

On Mon, 2009-11-23 at 12:56 -0500, Endi Sukma Dewata wrote:
> Andrew,
> Please take a look at the attached patches. The first one is the
> implementation of the proposal. The second one copies some additional
> setup files into the install dir. 

I'm not sure on this.  I'll push the ldap_backend_start.sh template into
inline strings in the python code, I think it's too small and silly to
bother having in a file. 

The copy of the schema is a bit more of a worry to me - where does it
end up exactly? 

> The third one creates the default
> location for custom LDB modules .so files.

That seems reasonable. 

> ----- "Andrew Bartlett" <abartlet at samba.org> wrote:
> > > http://www.freeipa.org/page/Samba_4_Disabling_Heimdal_Service
> > The approach of using 'kdc port = 0' to disable seems very reasonable.
> I updated the wiki page with some clarifications about the parameters.
> In this proposal I'm using existing parameters "krb5 port" and "kpasswd
> port". You'll need to set both to 0 to completely disable Heimdal ports.
> Is this what you meant or should I add another "kdc port" parameter to
> overwrite both?

No, it was just too many acronyms for the hour of night :-)

Your patch looks good, but I would prefer not to have two almost
identical routines.  Instead, can we parametrise the listener?

ie, one 'listen on tcp and udp' function, which for kpassed (as an
example) provides kpasswdd_tcp_stream_ops and kpasswdd_process as a
parameter?  (Bonus points for rationalising it down to just


Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091124/0551de6e/attachment.pgp>

More information about the samba-technical mailing list