Remove dead code from plaintext auth case (impacting on AFS, DCE/DFS, OSF1, HP-UX and others)

Andrew Bartlett abartlet at samba.org
Wed Jan 22 19:07:16 MST 2014


On Wed, 2014-01-22 at 20:34 +0100, Christian Ambach wrote:
> Am 22.01.14 04:47, schrieb Andrew Bartlett:
> > This post, by Yannick Bergeron indicates that PAM covers the DCE/DFS use
> > case:
> > https://lists.samba.org/archive/samba-technical/2013-May/092567.html
> >
> > This does not address the actually useful use case of
> > --with-fake-kaserver, that is bug
> > https://bugzilla.samba.org/show_bug.cgi?id=9916 and remains open.
> 
> I am still working on getting --with-fake-kaserver into the waf build.
> I already have it working, but it is a big patch that needs to be broken 
> into smaller pieces. So please do not remove any code that
> this functionality depends on, as it will be revived soon.

I'm glad to hear that's coming back.  I understand Jeremy is also
working to have this or something similar work with forwarded tickets
and Kerberos. 

> > There is a lot of dead code here, and clearly a lot missed the WAF
> > transition, which is unfortunate.  That said, if someone wishes to
> > revive this, we need test systems and tested patches for WAF to
> > implement the configure checks, as it isn't safe to just blindly copy
> > the logic across from the old autoconf build.
> 
> I am testing this on an Ubuntu with recent OpenAFS headers. I found a 
> problem with OpenAFS 1.6's headers while doing that, so I probably
> have to continue with 1.4 until those issues have been sorted out by the 
> OpenAFS folks.
> 
> > The purpose of these patches is just dead code elimination.  If we
> > wanted to wait longer for feedback from our 4.0 waf and 4.1 users who
> > are already without this feature, we could, but my instinct is that the
> > number of users using plaintext authentication and using these systems
> > is very, very small.  But if they exist, then they will be the folks who
> > will best be able to confirm any patch to restore this is actually
> > correct.
> 
> I do not want to fix the plaintext auth case, just the fake kaserver 
> pieces, so no objection from me as long as the functions I need will 
> remain. I have to admit I didn't check your patches in detail to 
> determine the impact yet.

The two cases are quite distinct, these patches won't make the fake
kaserver any more or less workable. 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba-technical mailing list