Remove dead code from plaintext auth case (impacting on AFS, DCE/DFS, OSF1, HP-UX and others)

Andrew Bartlett abartlet at
Wed Jan 22 19:07:16 MST 2014

On Wed, 2014-01-22 at 20:34 +0100, Christian Ambach wrote:
> Am 22.01.14 04:47, schrieb Andrew Bartlett:
> > This post, by Yannick Bergeron indicates that PAM covers the DCE/DFS use
> > case:
> >
> >
> > This does not address the actually useful use case of
> > --with-fake-kaserver, that is bug
> > and remains open.
> I am still working on getting --with-fake-kaserver into the waf build.
> I already have it working, but it is a big patch that needs to be broken 
> into smaller pieces. So please do not remove any code that
> this functionality depends on, as it will be revived soon.

I'm glad to hear that's coming back.  I understand Jeremy is also
working to have this or something similar work with forwarded tickets
and Kerberos. 

> > There is a lot of dead code here, and clearly a lot missed the WAF
> > transition, which is unfortunate.  That said, if someone wishes to
> > revive this, we need test systems and tested patches for WAF to
> > implement the configure checks, as it isn't safe to just blindly copy
> > the logic across from the old autoconf build.
> I am testing this on an Ubuntu with recent OpenAFS headers. I found a 
> problem with OpenAFS 1.6's headers while doing that, so I probably
> have to continue with 1.4 until those issues have been sorted out by the 
> OpenAFS folks.
> > The purpose of these patches is just dead code elimination.  If we
> > wanted to wait longer for feedback from our 4.0 waf and 4.1 users who
> > are already without this feature, we could, but my instinct is that the
> > number of users using plaintext authentication and using these systems
> > is very, very small.  But if they exist, then they will be the folks who
> > will best be able to confirm any patch to restore this is actually
> > correct.
> I do not want to fix the plaintext auth case, just the fake kaserver 
> pieces, so no objection from me as long as the functions I need will 
> remain. I have to admit I didn't check your patches in detail to 
> determine the impact yet.

The two cases are quite distinct, these patches won't make the fake
kaserver any more or less workable. 

Andrew Bartlett

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list