samba code and kerberos enctypes

simo idra at
Mon Feb 1 13:36:08 MST 2010

On Mon, 2010-02-01 at 14:28 -0600, Gerald Carter wrote:
> It's necessary when you don't own the krb5 layer and want
> to be portable across multiple versions.

The samba team or third party vendors *may* have this problem.
But distributions don't as they control exactly what version of the
kerberos libraries is distributed in the OS.

> Maybe that will help you sleep better at night. 

Will help my customers more, I have no problem really :)

> The proper solution is to make the
> krb5 layer site and affinity aware (e.g. the kdc locator plugin).

What else do you think is needed beyond the locator plugin ?

> I think the generated krb5.conf is just as valid if not as
> dynamic a solution.

The problem I see with the generated krb5.conf is that it does not
always include stuff you want it to include. But as I said I'd be more
than happy if it could be switched off optionally and leave it on by


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Principal Software Engineer at Red Hat, Inc. <simo at>

More information about the samba-technical mailing list