Review request: DNS server implementation

tridge at samba.org tridge at samba.org
Thu Oct 14 17:56:31 MDT 2010


Hi Simo,

 > Unless you store *many* keys in a single keytab it wouldn't be
 > necessary. Besides I am not sure you can pass DNS/* to GSSAPI.

The plan wasn't to pass it in to GSSAPI. The idea was to pass whatever
is in the request to GSSAPI, then if it passes inspection with a key
in the keytab, then bind code would run its wildcard matching over the
principal that has been supplied and only allow the request if it
matches DNS/*

 > Should this really be our problem ? Every project has specific
 > dependencies that you have to meet if you want to use it.
 > Having to meet dependencies is pretty common nowadays.

In some ways you're right - it's not our problem to make every distro
work, but I do think that the decisions we make affect how likely it
is for distros to be able to properly support all the features of
Samba. I doubt that many distros have the resources to test all the
details of the Samba AD support.

Cheers, Tridge
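
The two-stage check described in this message (GSSAPI authenticates whatever principal the request names, then a wildcard match decides whether it is allowed) could look like the following. This is an added example, not code from BIND or Samba; `principal_matches`, the string form of the principal, the exact-realm rule and the `EXAMPLE.COM` realm are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length of the component starting at s: up to the next '/' or n bytes. */
static size_t comp_len(const char *s, size_t n) {
    size_t i = 0;
    while (i < n && s[i] != '/') i++;
    return i;
}

/*
 * Authorization step run after GSSAPI has authenticated the principal.
 * pattern is e.g. "DNS/*"; "*" matches exactly one non-empty component, so
 * it cannot span '/' or reach the realm. Comparison is byte-exact (assumed).
 */
bool principal_matches(const char *principal, const char *pattern,
                       const char *realm) {
    if (strchr(principal, '\\') != NULL) return false; /* refuse escapes */
    const char *at = strchr(principal, '@');
    if (at == NULL || strchr(at + 1, '@') != NULL) return false;
    if (strcmp(at + 1, realm) != 0) return false;      /* exact realm only */

    const char *p = principal, *q = pattern;
    size_t pn = (size_t)(at - principal), qn = strlen(pattern);
    for (;;) {
        size_t pl = comp_len(p, pn), ql = comp_len(q, qn);
        if (pl == 0 || ql == 0) return false;          /* empty component */
        bool wild = (ql == 1 && q[0] == '*');
        if (!wild && (pl != ql || memcmp(p, q, pl) != 0)) return false;
        p += pl; pn -= pl; q += ql; qn -= ql;
        if (pn == 0 || qn == 0) return pn == 0 && qn == 0;
        p++; pn--; q++; qn--;                          /* step over '/' */
    }
}

int main(void) {
    /* Constructed sample principals; EXAMPLE.COM is a placeholder realm. */
    const char *samples[] = { "DNS/ns1.example.com@EXAMPLE.COM",
        "host/ns1.example.com@EXAMPLE.COM", "DNS/a/b@EXAMPLE.COM",
        "DNS/ns1.example.com@OTHER.TEST" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-36s %s\n", samples[i],
               principal_matches(samples[i], "DNS/*", "EXAMPLE.COM")
                   ? "allow" : "deny");
    return 0;
}
```

Matching per component rather than with a plain prefix or glob keeps a name such as `DNS/a/b` or a principal from another realm from satisfying `DNS/*`.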

