[PROPOSAL] Require builtin or system krb5 libs
idra at samba.org
Thu Jan 5 07:07:10 MST 2012
On Thu, 2012-01-05 at 18:11 +1100, Andrew Bartlett wrote:
> On Tue, 2012-01-03 at 01:37 -0500, simo wrote:
> > On Tue, 2012-01-03 at 14:06 +1100, Andrew Bartlett wrote:
> > > For MIT Kerberos, what minimum would work for you?
> > I would probably choose to set the bar at MIT 1.9.2 but some others may
> > find this a bit aggressive I guess.
> I think the latest MIT version that would be practical in the short-term
> would be 1.8.1 as that is what is running on sn-devel.
> Even moving this far would allow us to rely on the PAC-from-GSSAPI
> support, which will make moving to always using GSSAPI possible at
> session setup.
> I've prepared a patch series for this (on top of my s3-rpc-gensec work)
> This was created using unifdef http://dotat.at/prog/unifdef/ to safely
> remove the #ifdef macros.
> To decide what functions to remove from the compatibility layer, a diff
> of the config.h from an autoconf and waf build on sn-devel was made.
> Any entry that was identical was selected, the configure test removed
> and the fallback code removed from the abstraction layer.
> This was one one API at at time, to allow a selective revert if that
> becomes required in future.
> Most of the functions being removed were compatibility layers for
> ancient Heimdal releases. (Heimdal now has a number of these MIT APIs
> It has just passed a full test autobuild on sn-devel.
> Attached is the diffstat showing the code removed, please let me know
> what you think,
I am not clear why you are removing autoconf tests, for example for
krb5_c_enctype_compare(), you should just make the test a fatal in case
of failure, but not remove it altogether IMO.
There is nothing to gain by removing the test while we may have
something to lose if it is not there.
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical