OT: Heimdal snapshots for debian (was: Re: [Samba] LDAP + SASL (kerberos) password syncing)

Mark Roach mrroach at okmaybe.com
Sat Feb 5 15:02:45 GMT 2005

On Fri, 2005-01-21 at 13:58 +1100, Andrew Bartlett wrote:
> On Thu, 2005-01-20 at 20:58 -0500, Mark Roach wrote:

> > > You could also use the smbk5pwd OpenLDAP module, which will fill out the
> > > other Kerberos encryption types at the same time.  (I'm not yet running
> > > this).  I think this module should run with 'ldap password sync = only'.
> > 
> > That seems like the ideal situation. It sounds like I'm not going to be
> > able to pull this off with the versions of openldap and heimdal in the
> > debian repositories though. Not a big deal, but not ideal for my
> > purposes. Perhaps I'll do some custom packaging.
> I'll be interested to see what you come up with, and happy to help on
> it.  I'm looking to move my LDAP off RedHat, so I can use the Heimdal
> libs and this stuff :-)

FYI, I packaged one of the heimdal snapshots. I had to do some fiddling
that didn't quite feel kosher though, mainly changing the libtool
arguments for libasn1 to keep the major version at 5 instead of 4 as it
seemed to want to turn out for me. Official Debian heimdal packages are
compiled against kerberos4kth versions of libroken, libotp, libss,
libsl, this one is not. 

Of course, sasl has to be rebuilt against these package versions, but
that is a pretty easy one. I don't think I had to change more than one
line in the control file to make that happen.

Files are here: http://mrroach.okmaybe.com/software/heimdal/ any
suggestions are welcome, and if someone has the bandwidth and
inclination to put binaries up somewhere that would be cool.


More information about the samba mailing list