Recent kerberos refactoring
idra at samba.org
Fri Apr 13 05:54:35 MDT 2012
On Fri, 2012-04-13 at 18:21 +1000, Andrew Bartlett wrote:
> > Or split libraries even more. For
> > example, credentials_secrets.c operates on server side and it is
> > folded into pycredentials, Python bindings for credentials library
> > which is necessary for client operations on any Python client. I'd
> > rather separated it, as well as POPT_CREDENTIALS subsystem which in
> > addition is pulled into WMI sample client which is definitely not
> > supposed to be running only on Samba4 server.
> credentials_secrets is also used on the client, as you can (including
> the python bindings) obtain credentials as the local machine account.
This should be done using a keytab or by providing a password by other
means, not as an immutable dependency in client code.
> I agree that this area is tricky, but with patience and co-operation
> quite certain we can find an acceptable way though this.
Keep in mind we need to rush here, so brace yourself :-)
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical