[PATCHES] heimdal: lib/krb5: do not fail set_config_files due to parse error

Andrew Bartlett abartlet at samba.org
Tue Jun 19 21:02:24 UTC 2018

On Tue, 2018-06-19 at 11:50 -0700, Jeremy Allison via samba-technical
> On Tue, Jun 19, 2018 at 08:42:34PM +0200, Volker Lendecke via samba-technical wrote:
> > On Tue, Jun 19, 2018 at 08:33:23PM +0300, Alexander Bokovoy via samba-technical wrote:
> > > I'm OK for removing it atm but going forward we cannot pretend such
> > > configurations do not exist. For example, if someone wants to build
> > > Samba AD on RHEL/CentOS using Heimdal but keeping the rest of the system
> > > with MIT Kerberos, a default system krb5.conf is utilizing includedir to
> > > implement crypto defaults.
> > > 
> > > In a sense, Volker's follow up patch is a better direction because it
> > > supports includedir operation.
> > 
> > The problem is -- there's more broken code around this. How is our
> > policy right now wrt heimdal? Do we have to go through upstream and
> > fix their code first, wait for a release and then port into our
> > version? Or can we go into our copy and right away fix what's broken?
> *Is* there a working upstream anymore ? If not, we need to maintain
> ourselves.

Yes, there is a active working upstream and both Metze and I have
commit rights if for some reason patches get ignored.  It is (horror) a
github project these days, and I do see discussion of pull requests
from time to time. 

You are correct that for a time it languished, but it has been picked
back up.

Once patches are in upstream git master (no need to wait for a release)
they can be back-ported.  This helps for when I get back to updating
our copy so we don't regress, so the effort is much appriciated. 

Finally, yes, we really need to support the includedir option.  This is
a sharp edge that we should not have left for so long. 


Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list