[PROPOSAL] Require builtin or system krb5 libs
Stefan (metze) Metzmacher
metze at samba.org
Thu Jan 5 03:30:12 MST 2012
>>> For MIT Kerberos, what minimum would work for you?
>> I would probably choose to set the bar at MIT 1.9.2 but some others may
>> find this a bit aggressive I guess.
> I think the latest MIT version that would be practical in the short-term
> would be 1.8.1 as that is what is running on sn-devel.
> Even moving this far would allow us to rely on the PAC-from-GSSAPI
> support, which will make moving to always using GSSAPI possible at
> session setup.
> I've prepared a patch series for this (on top of my s3-rpc-gensec work)
> This was created using unifdef http://dotat.at/prog/unifdef/ to safely
> remove the #ifdef macros.
> To decide what functions to remove from the compatibility layer, a diff
> of the config.h from an autoconf and waf build on sn-devel was made.
> Any entry that was identical was selected, the configure test removed
> and the fallback code removed from the abstraction layer.
> This was one one API at at time, to allow a selective revert if that
> becomes required in future.
> Most of the functions being removed were compatibility layers for
> ancient Heimdal releases. (Heimdal now has a number of these MIT APIs
> It has just passed a full test autobuild on sn-devel.
> Attached is the diffstat showing the code removed, please let me know
> what you think,
Does this still build without any kerberos support?
I think we can avoid older kerberos libraries, but we should not force
the need of a new kerberos library.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 262 bytes
Desc: OpenPGP digital signature
More information about the samba-technical