[PROPOSAL] Require builtin or system krb5 libs

Stefan (metze) Metzmacher metze at samba.org
Thu Jan 5 03:30:12 MST 2012

Hi Andrew,

>>> For MIT Kerberos, what minimum would work for you?  
>> I would probably choose to set the bar at MIT 1.9.2 but some others may
>> find this a bit aggressive I guess.
> I think the latest MIT version that would be practical in the short-term
> would be 1.8.1 as that is what is running on sn-devel. 
> Even moving this far would allow us to rely on the PAC-from-GSSAPI
> support, which will make moving to always using GSSAPI possible at
> session setup.  
> I've prepared a patch series for this (on top of my s3-rpc-gensec work)
> at
> https://git.samba.org/abartlet/samba.git/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/krb5-unifdef 
> This was created using unifdef http://dotat.at/prog/unifdef/ to safely
> remove the #ifdef macros.
> To decide what functions to remove from the compatibility layer, a diff
> of the config.h from an autoconf and waf build on sn-devel was made.
> Any entry that was identical was selected, the configure test removed
> and the fallback code removed from the abstraction layer. 
> This was one one API at at time, to allow a selective revert if that
> becomes required in future. 
> Most of the functions being removed were compatibility layers for
> ancient Heimdal releases.  (Heimdal now has a number of these MIT APIs
> natively).
> It has just passed a full test autobuild on sn-devel.
> Attached is the diffstat showing the code removed, please let me know
> what you think,

Does this still build without any kerberos support?

I think we can avoid older kerberos libraries, but we should not force
the need of a new kerberos library.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120105/26a2ecb2/attachment.pgp>

More information about the samba-technical mailing list