Importing Heimdals kadmin into Samba4?

Gémes Géza geza at
Mon Oct 24 12:22:35 MDT 2011

2011-10-24 00:07 keltezéssel, Andrew Bartlett írta:
> On Sun, 2011-10-23 at 22:41 +0200, Gémes Géza wrote:
>> Hi,
>> Trying to reimplement the kadmins export_keytab and del_enctype
>> functions in libnet I realized, that maybe it would be easier to import
>> kadmin altogether. (In the meantime I've found a thread about python
>> code for keytab manipulation:
>>, but
>> doesn't know if there was any progress about that?).
>> I'm interested in your opinion about it (please flame me ;-) ).
> I see two ways we can handle this, and common tasks regardless.
> The common tasks are to modify hdb-samba4 to accept some of the
> operations that kadmin will require - that is creating users.  We would
> also need to work out how access control would be sorted out - kadmin
> has it's own ACL modal distinct from the AD ACL modal.
> The two approaches are to have kadmin built by Samba4 as kadmin.samba4,
> or to simply build as a loadable module, like we build
> If we provide the loadable module then, the system Heimdal installation
> (which we may be linked against) would be able to use Samba4 by means of
> a plugin just the same as the ldap plugin.
> Andrew Bartlett
IMHO the hardest is to decide how to implement the missing part of
hdb-samba4, it is similar to the problem of manipulating openldap based
kerberos prinicipals with kadmin: there are some operations which work
very well : ext_keytab, passwd, del_enctype, etc, and some which are
more problem than they solve: e.g. add.



More information about the samba-technical mailing list