[PROPOSAL] Require builtin or system krb5 libs
simo
idra at samba.org
Mon Jan 2 23:37:23 MST 2012
On Tue, 2012-01-03 at 14:06 +1100, Andrew Bartlett wrote:
> On Sun, 2012-01-01 at 17:32 -0500, simo wrote:
> > On Sat, 2011-12-31 at 20:25 -0800, Jeremy Allison wrote:
> > > On Sun, Jan 01, 2012 at 02:36:49PM +1100, Andrew Bartlett wrote:
> > > > On Sat, 2011-12-31 at 09:30 -0500, simo wrote:
> > > > > On Sat, 2011-12-31 at 20:58 +1100, Andrew Bartlett wrote:
> > > > > > Back in October, I wrote the the list suggesting that we should adopt an
> > > > > > explicit policy that we require at least some level of Kerberos support
> > > > > > to build Samba:
> > > > > >
> > > > > > On Mon, 2011-10-24 at 21:03 +1100, Andrew Bartlett wrote:
> > > > > >
> > > > > > > I would actually like us to consider if there are systems that we care
> > > > > > > about without krb5-devel, and which cannot use the waf build. If we
> > > > > > > could always expect at least some kind of Kerberos library (internal or
> > > > > > > system heimdal from the waf build, or any system from autoconf), we
> > > > > > > could make our code much simpler in parts.
> > > > > >
> > > > > > I would like to make that a firm proposal. For me at least, Samba both
> > > > > > 3.5.11 and current master do not compile without krb5-devel. As such,
> > > > > > it seems no testing is done on systems without a kerberos library, and
> > > > > > our users have not been inconvenienced by this requirement.
> > > > > >
> > > > > > Therefore, as we have a way to build Samba without a system kerberos
> > > > > > (the waf build), I would like us to require that users either build with
> > > > > > waf, or build with a system krb5-devel.
> > > > > >
> > > > > > Doing so would remove a lot of dead, untested #ifndef HAVE_KRB5 stub
> > > > > > functions, and make our code easier to follow and simpler to develop.
> > > > > >
> > > > > > What do others think?
> > > > >
> > > > > I am ok in always requireing kerberos libraries, but given we are making
> > > > > a requirement I would go further and specify a minimum MIT Kerberos or
> > > > > Heimdal Kerberos versions.
> > > > >
> > > > > Testing for specific functionality to be present instead of version
> > > > > numbers is also ok.
> > > >
> > > > I strongly agree. Kerberos libraries have come a long way in the last
> > > > decade, and being able to rely on that would be very, very useful.
> > >
> > > Functionality, not version numbers please ! Let's not re-introduce
> > > old Makefile features :-).
> >
> > Nothing about old makefiles, for example pkg_config files allow you to
> > easily define a minimum version and there is nothing wrong with that as
> > sometimes functionality is a matter of behavior that cannot be easily
> > tested in a configure snippet.
>
> I'm not totally clear what Jeremy's reasons are, but I agree we will
> essentially need to set a minimum MIT and Heimdal version that we will
> support (and then support any alternative/workalike that has the same
> features).
>
> For MIT Kerberos, what minimum would work for you?
I would probably choose to set the bar at MIT 1.9.2 but some others may
find this a bit aggressive I guess.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list