Recent kerberos refactoring

simo idra at
Fri Apr 13 05:54:35 MDT 2012

On Fri, 2012-04-13 at 18:21 +1000, Andrew Bartlett wrote:
> > Or split libraries even more. For
> > example, credentials_secrets.c operates on server side and it is
> > folded into pycredentials, Python bindings for credentials library
> > which is necessary for client operations on any Python client. I'd
> > rather separated it, as well as POPT_CREDENTIALS subsystem which in
> > addition is pulled into WMI sample client which is definitely not
> > supposed to be running only on Samba4 server.
> credentials_secrets is also used on the client, as you can (including
> in
> the python bindings) obtain credentials as the local machine account. 

This should be done using a keytab or by providing a password by other
means, not as an immutable dependency in client code.

> I agree that this area is tricky, but with patience and co-operation
> I'm
> quite certain we can find an acceptable way though this. 

Keep in mind we need to rush here, so brace yourself :-)


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Principal Software Engineer at Red Hat, Inc. <simo at>

More information about the samba-technical mailing list