Importing Heimdals kadmin into Samba4?
Andrew Bartlett
abartlet at samba.org
Sun Oct 23 16:07:35 MDT 2011
On Sun, 2011-10-23 at 22:41 +0200, Gémes Géza wrote:
> Hi,
>
> Trying to reimplement the kadmins export_keytab and del_enctype
> functions in libnet I realized, that maybe it would be easier to import
> kadmin altogether. (In the meantime I've found a thread about python
> code for keytab manipulation:
> http://lists.samba.org/archive/samba-technical/2011-February/076359.html, but
> doesn't know if there was any progress about that?).
> I'm interested in your opinion about it (please flame me ;-) ).
I see two ways we can handle this, and common tasks regardless.
The common tasks are to modify hdb-samba4 to accept some of the
operations that kadmin will require - that is creating users. We would
also need to work out how access control would be sorted out - kadmin
has it's own ACL modal distinct from the AD ACL modal.
The two approaches are to have kadmin built by Samba4 as kadmin.samba4,
or to simply build hdb-samba4.so as a loadable module, like we build
dlz_bind9.so.
If we provide the loadable module then, the system Heimdal installation
(which we may be linked against) would be able to use Samba4 by means of
a plugin just the same as the ldap plugin.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list