Recent kerberos refactoring

[simo]

On Fri, 2012-04-13 at 18:21 +1000, Andrew Bartlett wrote:
> > Or split libraries even more. For
> > example, credentials_secrets.c operates on server side and it is
> > folded into pycredentials, Python bindings for credentials library
> > which is necessary for client operations on any Python client. I'd
> > rather separated it, as well as POPT_CREDENTIALS subsystem which in
> > addition is pulled into WMI sample client which is definitely not
> > supposed to be running only on Samba4 server.
> 
> credentials_secrets is also used on the client, as you can (including
> in
> the python bindings) obtain credentials as the local machine account. 

This should be done using a keytab or by providing a password by other
means, not as an immutable dependency in client code.

> I agree that this area is tricky, but with patience and co-operation
> I'm
> quite certain we can find an acceptable way though this. 

Keep in mind we need to rush here, so brace yourself :-)

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>