Review request: DNS server implementation

tridge at tridge at
Fri Oct 15 14:30:04 MDT 2010

Hi Simo,

 > A lot of apps defer keytab overriding to the environment variable not
 > just bind. I can't say I like it, but it is not unexpected for admins
 > that are used to configure machines with kerberos.

And that is the heart of the problem :-)

For many Samba admins this will be their first introduction to
kerberos, and probably the first time they have had to do anything
fancier with bind than a default setup.

Microsoft have done a good job of hiding the gory details of AD, so
most admins don't have to know much about the details of how it
works. In the Unix world, most people don't use kerberos, and only the
brave ones tend to use dynamic DNS updates.

With the Samba4 AD effort we're trying to bring all this complex
technology to people who haven't had to deal with it before. We can't
rely on their past experience with these technologies. We have to make
it easy to get right.

 > This way we can have both services running in a single process for
 > your use case but also the ability to remove stuff one does not
 > care about by simply not installing the corresponding shared
 > library.

What does removing it actually gain you? The main bin/samba binary is
already tiny (58 kbytes on my machine, including debug symbols). All
the server components are enabled/disabled using smb.conf options,
which allows you to "not care" about a server component by not running

What would we actually gain by using dlopen() on these instead of

Cheers, Tridge

More information about the samba-technical mailing list