[PROPOSAL] Require builtin or system krb5 libs
Stefan (metze) Metzmacher
metze at samba.org
Thu Jan 5 06:01:33 MST 2012
Hi Andrew,
>>>> Why not? We have a large amount of code and complexity created by
>>>> trying (and failing, see 3.5.11, recent master) to support building
>>>> without Kerberos. As nobody noticed until now, clearly our users accept
>>>> the need for a Kerberos library to build Samba.
>>>
>>> Recently I fixed a master build without Kerberos. See
>>> 48804e4. At least the compile went fine..
>>
>> And I do thank you for doing that.
>>
>> My point here is to avoid us needing to keep doing this in future, and
>> to remove some small part of Samba's complexity that having optional
>> kerberos brings.
>
> And my point is to object to that. I am perfectly happy with
> us requiring a certain recent Kerberos library level if we
> do Kerberos, but we need to run without Kerberos as well.
I also think we should build without any kerberos support, I'm
happy to use only HAVE_ADS (--with-ads=no) for that,
instead of HAVE_ADS, HAVE_KRB5 and HAVE_GSSAPI wildly mixed.
When we have hidden most of the krb5/gssapi stuff behind the gensec
abstraction,
it shouldn't be that complex to maintain.
Most of the pain is really to work around incomplete/incompatible
krb5/gssapi libraries.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120105/adb76cba/attachment.pgp>
More information about the samba-technical
mailing list