Remove dead code from plaintext auth case (impacting on AFS, DCE/DFS, OSF1, HP-UX and others)
Andrew Bartlett
abartlet at samba.org
Wed Jan 22 19:07:16 MST 2014
On Wed, 2014-01-22 at 20:34 +0100, Christian Ambach wrote:
> Am 22.01.14 04:47, schrieb Andrew Bartlett:
> > This post, by Yannick Bergeron indicates that PAM covers the DCE/DFS use
> > case:
> > https://lists.samba.org/archive/samba-technical/2013-May/092567.html
> >
> > This does not address the actually useful use case of
> > --with-fake-kaserver, that is bug
> > https://bugzilla.samba.org/show_bug.cgi?id=9916 and remains open.
>
> I am still working on getting --with-fake-kaserver into the waf build.
> I already have it working, but it is a big patch that needs to be broken
> into smaller pieces. So please do not remove any code that
> this functionality depends on, as it will be revived soon.
I'm glad to hear that's coming back. I understand Jeremy is also
working to have this or something similar work with forwarded tickets
and Kerberos.
> > There is a lot of dead code here, and clearly a lot missed the WAF
> > transition, which is unfortunate. That said, if someone wishes to
> > revive this, we need test systems and tested patches for WAF to
> > implement the configure checks, as it isn't safe to just blindly copy
> > the logic across from the old autoconf build.
>
> I am testing this on an Ubuntu with recent OpenAFS headers. I found a
> problem with OpenAFS 1.6's headers while doing that, so I probably
> have to continue with 1.4 until those issues have been sorted out by the
> OpenAFS folks.
>
> > The purpose of these patches is just dead code elimination. If we
> > wanted to wait longer for feedback from our 4.0 waf and 4.1 users who
> > are already without this feature, we could, but my instinct is that the
> > number of users using plaintext authentication and using these systems
> > is very, very small. But if they exist, then they will be the folks who
> > will best be able to confirm any patch to restore this is actually
> > correct.
>
> I do not want to fix the plaintext auth case, just the fake kaserver
> pieces, so no objection from me as long as the functions I need will
> remain. I have to admit I didn't check your patches in detail to
> determine the impact yet.
The two cases are quite distinct, these patches won't make the fake
kaserver any more or less workable.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list