[PROPOSAL] Require builtin or system krb5 libs

Stefan (metze) Metzmacher metze at samba.org
Thu Jan 5 06:01:33 MST 2012

Hi Andrew,

>>>> Why not?  We have a large amount of code and complexity created by
>>>> trying (and failing, see 3.5.11, recent master) to support building
>>>> without Kerberos.  As nobody noticed until now, clearly our users accept
>>>> the need for a Kerberos library to build Samba.
>>> Recently I fixed a master build without Kerberos. See
>>> 48804e4. At least the compile went fine..
>> And I do thank you for doing that.  
>> My point here is to avoid us needing to keep doing this in future, and
>> to remove some small part of Samba's complexity that having optional
>> kerberos brings.
> And my point is to object to that. I am perfectly happy with
> us requiring a certain recent Kerberos library level if we
> do Kerberos, but we need to run without Kerberos as well.

I also think we should build without any kerberos support, I'm
happy to use only HAVE_ADS (--with-ads=no) for that,
instead of HAVE_ADS, HAVE_KRB5 and HAVE_GSSAPI wildly mixed.

When we have hidden most of the krb5/gssapi stuff behind the gensec
it shouldn't be that complex to maintain.

Most of the pain is really to work around incomplete/incompatible
krb5/gssapi libraries.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120105/adb76cba/attachment.pgp>

More information about the samba-technical mailing list