Importing Heimdal's kadmin into Samba4?

Gémes Géza geza at kzsdabas.hu
Mon Oct 24 12:22:35 MDT 2011


On 2011-10-24 00:07, Andrew Bartlett wrote:
> On Sun, 2011-10-23 at 22:41 +0200, Gémes Géza wrote:
>> Hi,
>>
>> Trying to reimplement kadmin's export_keytab and del_enctype
>> functions in libnet, I realized that maybe it would be easier to import
>> kadmin altogether. (In the meantime I've found a thread about python
>> code for keytab manipulation:
>> http://lists.samba.org/archive/samba-technical/2011-February/076359.html, but
>> I don't know if there was any progress on that?).
>> I'm interested in your opinion about it (please flame me ;-) ).
> I see two ways we can handle this, and common tasks regardless.
>
> The common tasks are to modify hdb-samba4 to accept some of the
> operations that kadmin will require - that is creating users.  We would
> also need to work out how access control would be sorted out - kadmin
> has its own ACL model distinct from the AD ACL model.
>
> The two approaches are to have kadmin built by Samba4 as kadmin.samba4,
> or to simply build hdb-samba4.so as a loadable module, like we build
> dlz_bind9.so.  
>
> If we provide the loadable module then, the system Heimdal installation
> (which we may be linked against) would be able to use Samba4 by means of
> a plugin just the same as the ldap plugin.
>
> Andrew Bartlett
>
IMHO the hardest part is to decide how to implement the missing part of
hdb-samba4. It is similar to the problem of manipulating openldap based
kerberos principals with kadmin: there are some operations which work
very well: ext_keytab, passwd, del_enctype, etc., and some which are
more problem than they solve: e.g. add.

Cheers

Geza

