Fedora 18/19/... AD DC?

Alexander Bokovoy ab at samba.org
Mon May 13 20:18:16 MDT 2013 

Hi,

On Mon, May 13, 2013 at 11:10 PM, bogdan_bartos <admin at blackpenguin.org>wrote:

> I removed the samba4 packages from a newly installed system and also the
> krb5
> package. Then a lot of other stuff stopped working including the SSH daemon
> that crashed the party. Luckily it was a test VM, not a production system.
> With the current status on Fedora and with the samba-tool removal and other
> things floating in the void, I cannot use samba 4 as a production system.
> Like I mentioned before, it was working on Fedora 17 and I suppose this was
> because of the extra samba 4 libraries that did not exist on the fedora 17
> system.
>
> I will wait to test this on fedora 19, but by the way it sounds, there's
> some time involved in the process of porting it to fedora - whatever that
> takes. With all the effort and merit that goes to the samba 4 team, I still
> do not understand why some distros go heimidal and other go MIT kerberos.
> And I also do not understand how the future will look on these distros in
> the future. Especially on Fedora. Maybe you can shed some light over the
> subject. I read why this is not possible on Fedora and I also read the
> work-arounds. But still it's not a full explanation on the evolution of the
> issue over time.
>
> Instead of work-arounds, wouldn't it be easy to implement the samba4
> kerberos as heimidal from scratch on fedora? With the price of holding back
> the libraries a few months or a few release milestones...?
>
Since you were unable to share details of how you actually tried to compile
Samba 4 on Fedora 19, nobody is able to help you.
As I stated before, there is at least support in samba rpm package to get
it compiled with embedded Heimdal version. Please be specific.

Packaging Heimdal in Fedora stuck at
https://bugzilla.redhat.com/show_bug.cgi?id=613001 and
https://bugzilla.redhat.com/show_bug.cgi?id=692606, but even if those were
solved, the issues with other applications depending on krb5 will have to
be solved to make proper distribution solution. After all, Heimdal and MIT
krb5 do not claim full binary compatibility in their libraries; all you get
is protocol compatibility and some level of compatible APIs, with both
sides having extensions of their own. Loading Heimdal version of a Kerberos
library into a process that was originally linked against MIT krb5 (and
vice-versa) is not going to work for any non-trivial application as we saw
in past.

If you want to help solving these issues, you are welcome to contribute to
those bugs or help us fixing remaining differences as used by Samba and
outlined in https://wiki.samba.org/index.php/MIT_Build -- we did a lot of
work to improve linking against MIT krb5 but mostly at client side. Server
side work is ahead.
-- 
/ Alexander Bokovoy

More information about the samba-technical mailing list