Samba4 kadmin interface (commit 12ce07e53b9453f35a1483d941bfce9c23f790a0)

Andrew Bartlett abartlet at
Sun Dec 4 14:58:58 MST 2011

On Sun, 2011-12-04 at 17:16 +0100, Gémes Géza wrote:
> 2011-12-03 23:25 keltezéssel, Andrew Bartlett írta:
> > On Fri, 2011-12-02 at 18:32 +0100, Gémes Géza wrote:
> >> Hi,
> >>
> >> I've tried using  heimdal (1.4.0) kadmin with the new
> >> module. Unfortunately it doesn't support it:
> >> # kadmin -l
> >> kadmin: error trying to load dynamic module /usr/lib/ (null)
> >>
> >> kadmin: No database support for samba4:
> >>
> >> I suppose my heimdal installation is too old. What is the minimal
> >> heimdal version this module should work with?
> > I used current Heimdal from GIT when I tried it out.
> >
> > The ideal situation would be to compile Samba against lorikeet-heimdal
> > as the system Heimdal, and then use the kadmin from there, as that will
> > be the same version. 
> >
> > I will probably restrict this feature to this case, as in retrospect
> > this is unsafe unless we have use the same libkrb5 (due to the passed in
> > krb5_context). 
> >
> > Andrew Bartlett
> >
> Unfortunately on my test system heimdal from current git checkout fails
> to compile.
> Wouldn't importing (the relevant parts of) heimdal/lib/kadm5  and
> heimdal/kadmin into samba4 source tree a better way?

No, as I do not wish Samba to be the source of standard kerberos
libraries or tools.  We build samba4kinit, but this is in my mind a
special case as it allows a number of important tests, but we
deliberately do not install it.

It took me a number of attempts to build current Heimdal from GIT, but
these were due to the remains of a previous build in the checkout.  A
clean build from scratch should work. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list