samba code and kerberos enctypes
simo
idra at samba.org
Mon Feb 1 13:36:08 MST 2010
On Mon, 2010-02-01 at 14:28 -0600, Gerald Carter wrote:
> It's necessary when you don't own the krb5 layer and want
> to be portable across multiple versions.
The samba team or third party vendors *may* have this problem.
But distributions don't as they control exactly what version of the
kerberos libraries is distributed in the OS.
> Maybe that will help you sleep better at night.
Will help my customers more, I have no problem really :)
> The proper solution is to make the
> krb5 layer site and affinity aware (e.g. the kdc locator plugin).
What else do you think is needed beyond the locator plugin ?
> I think the generated krb5.conf is just as valid if not as
> dynamic a solution.
The problem I see with the generated krb5.conf is that it does not
always include stuff you want it to include. But as I said I'd be more
than happy if it could be switched off optionally and leave it on by
default.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list