[PATCH] Changes to Samba3 to allow login with NTLM and Kerberos in s3compat

Andrew Bartlett abartlet at samba.org
Tue May 11 01:15:58 MDT 2010

On Tue, 2010-05-11 at 07:22 +0200, Volker Lendecke wrote:
> On Tue, May 11, 2010 at 08:27:22AM +1000, Andrew Bartlett wrote:
> > Because I'm trying to come up with a 'clean' rather than a 'no code
> > changes' approach to the integration, I will have many more patches like
> > these ones, as I try to define better interfaces, rather than just
> > possible interfaces.  If I am going to succeed at this then I'll need
> > every support possible to merge these patches.  This is in particular
> > because changing code to have better interfaces is precisely the type of
> > change that does not last well in a branch.  
> Sorry, but you knew this would be coming: I would rather go
> with a minimal changes approach first. 

Do you really feel they are that invasive?

> We need stuff going
> ASAP. 

Indeed we do.  I'm doing the work the best I can to get it going, and
I'm asking for the assistance of the team to merge the small changes I
need to do a good job of this. 

> We can always clean up later, in particular as with
> the s3compat way everything is just an internal interface.

It is, and it is not.  There are still costs in holding to very
particular function calling conventions that don't need to be there.
See in particular the changes for Kerberos - the current interface just
makes the callers do more work.

I'm not asking that s3compat be accepted, just that reasonable changes
be accepted that allow this or other similar ideas an easier task in
implementation.  The value in at least some of these changes will be
useful to whatever end goal we end up with. 

> As I said previously: I would like to see a s3compat auth
> module with the existing Samba3 auth/ subdirectory which is
> to a large extent completely your creation.

I'm not really willing to go and do the work twice, just to avoid doing
now some small changes to interfaces that we will want in the long term

If we are serious about this merge, then I ask that my fellow team
members give the patches I propose the serious attention I request.
Again, I'm not asking to merge s3compat or have it accepted as 'the way'
at this time, but I'm asking that some small accommodations be made to
keep my task sane.  

With the right assistance, I'm willing to put in a big effort to make
this happen.  But I need this to work well for both me and the team:  I
know that small, gradual changes are not my speciality, but I've tried
to break up the changes as much as made sense.  I've skipped doing a
rework of the structure to be a proper talloc tree for example, given
your sage advise. 


Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100511/eec6a3ef/attachment.pgp>

More information about the samba-technical mailing list