Samba4 kadmin interface (commit 12ce07e53b9453f35a1483d941bfce9c23f790a0)

Gémes Géza geza at
Tue Dec 6 14:25:45 MST 2011

2011-12-04 22:58 keltezéssel, Andrew Bartlett írta:
> On Sun, 2011-12-04 at 17:16 +0100, Gémes Géza wrote:
>> 2011-12-03 23:25 keltezéssel, Andrew Bartlett írta:
>>> On Fri, 2011-12-02 at 18:32 +0100, Gémes Géza wrote:
>>>> Hi,
>>>> I've tried using  heimdal (1.4.0) kadmin with the new
>>>> module. Unfortunately it doesn't support it:
>>>> # kadmin -l
>>>> kadmin: error trying to load dynamic module /usr/lib/ (null)
>>>> kadmin: No database support for samba4:
>>>> I suppose my heimdal installation is too old. What is the minimal
>>>> heimdal version this module should work with?
>>> I used current Heimdal from GIT when I tried it out.
>>> The ideal situation would be to compile Samba against lorikeet-heimdal
>>> as the system Heimdal, and then use the kadmin from there, as that will
>>> be the same version. 
>>> I will probably restrict this feature to this case, as in retrospect
>>> this is unsafe unless we have use the same libkrb5 (due to the passed in
>>> krb5_context). 
>>> Andrew Bartlett
>> Unfortunately on my test system heimdal from current git checkout fails
>> to compile.
>> Wouldn't importing (the relevant parts of) heimdal/lib/kadm5  and
>> heimdal/kadmin into samba4 source tree a better way?
> No, as I do not wish Samba to be the source of standard kerberos
> libraries or tools.  We build samba4kinit, but this is in my mind a
> special case as it allows a number of important tests, but we
> deliberately do not install it.
> It took me a number of attempts to build current Heimdal from GIT, but
> these were due to the remains of a previous build in the checkout.  A
> clean build from scratch should work. 
> Andrew Bartlett
Thank you!

It works now (on a fresh git clone of heimdal) with (just one detected
so far) exception:
del_enctype seems to be unimplemented (it says: kadmin:
kadm5_modify_principal: Database is locked or in use--try again later)



More information about the samba-technical mailing list