Review request: DNS server implementation

tridge at tridge at
Thu Oct 14 17:56:31 MDT 2010

Hi Simo,

 > Unless you store *many* keys in a single keytab it wouldn't be
 > necessary. Besides I am not sure you can pass DNS/* to GSSAPI.

The plan wasn't to pass it in to GSSAPI. The idea was to pass whatever
is in the request to GSSAPI, then if it passes inspection with a key
in the keytab, then bind code would run its wildcard matching over the
principal that has been supplied and only allow the request if it
matches DNS/*

 > Should this really be our problem ? Every project has specific
 > dependencies that you have to meet if you want to use it.
 > Having to meet dependencies is pretty common nowadays.

In some ways you're right - it's not our problem to make every distro
work, but I do think that the decisions we make affect how likely it
is for distros to be able to properly support all the features of
Samba. I doubt that many distros have the resources to test all the
details of the Samba AD support.

Cheers, Tridge

More information about the samba-technical mailing list