Review request: DNS server implementation

simo idra at
Sat Oct 16 10:23:34 MDT 2010

On Sat, 2010-10-16 at 07:30 +1100, tridge at wrote:
> Hi Simo,
>  > A lot of apps defer keytab overriding to the environment variable not
>  > just bind. I can't say I like it, but it is not unexpected for admins
>  > that are used to configure machines with kerberos.
> And that is the heart of the problem :-)
> For many Samba admins this will be their first introduction to
> kerberos, and probably the first time they have had to do anything
> fancier with bind than a default setup.
> Microsoft have done a good job of hiding the gory details of AD, so
> most admins don't have to know much about the details of how it
> works. In the Unix world, most people don't use kerberos, and only the
> brave ones tend to use dynamic DNS updates.
> With the Samba4 AD effort we're trying to bring all this complex
> technology to people who haven't had to deal with it before. We can't
> rely on their past experience with these technologies. We have to make
> it easy to get right.
>  > This way we can have both services running in a single process for
>  > your use case but also the ability to remove stuff one does not
>  > care about by simply not installing the corresponding shared
>  > library.
> What does removing it actually gain you? The main bin/samba binary is
> already tiny (58 kbytes on my machine, including debug symbols). All
> the server components are enabled/disabled using smb.conf options,
> which allows you to "not care" about a server component by not running
> it.
> What would we actually gain by using dlopen() on these instead of
> linking?

Allows us to build samba in multiple ways. For example single binary vs
multiple binaries becomes possible in parallel and does not require a
rebuild. It also allows to remove a function for good by simply deleting
the relative shared object, so that even bad configuration cannot result
in a daemon we do not want from running.
Easier for embedded platforms to understand what to remove, they just
simply avoid including the libraries corresponding to the services they
do not need.


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Principal Software Engineer at Red Hat, Inc. <simo at>

More information about the samba-technical mailing list