MIT Krb5 KDC in the AD DC
abartlet at samba.org
Thu Aug 7 21:08:29 MDT 2014
On Thu, 2014-08-07 at 17:50 +0200, Andreas Schneider wrote:
> On Friday 01 August 2014 15:35:24 Andrew Bartlett wrote:
> > Can we try and avoid adding back all this glue by taking an alternative
> > approach on the kpasswd server? It is the only user of the gensec_krb5
> > code, which is essentially still the old, horrid, kerberos acceptor from
> > the 3.0 days.
> Günther and I worked on starting kadmind the whole week. We can change
> passwords with kpasswd now!
> In the MIT KRB5 build we don't build gensec_krb5 and we removed the patches we
> resurrected for this. We will take a look later if we could remove gensec_krb5
> So here is a updated branch for review:
I've reviewed and pushed all these, except:
lib/krb5_wrap: provide KRB5KDC_ERR_KEY_EXPIRED error code matching MIT.
You mean, I think,
s4-kdc: Use KRB5KDC_ERR_KEY_EXP error code available in both MIT and
Also skipped were:
Remove custom password change code in libads (we need the tests I
krb5_wrap: Use com_err in krb5_warnx. (It's fine, and reviewed, but just
was missing the signed off tag).
Also skipped for the same missing signed-off-by are the gensec_krb5
wscript change and:
pick e3e4834 lib/krb5_wrap: make sure smb_krb5_principal_get_realm
returns a malloced string.
pick d9716f1 s3-libads/krb5_setpw: free realm from
pick 32237c8 s4-dsdb/cracknames: free realm from
Aside from the tests, all this is pretty cosmetic, please tidy it up,
add my review tag and push.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: This is a digitally signed message part
More information about the samba-technical