[Samba] Heimdal Kerberos in Samba4
Jeremy Allison
jra at samba.org
Fri Jul 22 16:25:10 UTC 2016
On Fri, Jul 22, 2016 at 02:54:05PM +0200, Stefan Schäfer wrote:
> Hi List,
>
> I do my best to ask my question in english. ;-)
>
> Samba4 integrated heimdal kerberos to do the kerberos work for
> Active Directory. Some Linux Distributions like fedora/RedHat and
> openSUSE/SUSE don't accept heimdal even if it is shipped inside
> samba.
>
> Their argument is that heimdal isn't maintained since 2012.
> Compiling samba against MIT krb5 results in Samba-Packages without
> AD.
>
> Result: Active Directory is impossible with the Disitribution
> packages of samba.with the above mentioned Linux distributions.
>
> Fedoras way to solve this is:
>
> "We are intending to make possible use of AD DC functionality with
> MIT Kerberos but this is longer term project that requires
> cooperation between Samba, MIT, and FreeIPA."
> which means never, in my opinion."
No you're wrong about that. Andreas, Guenther and Alexander
at Redhat are working diligently every day towards this. We're planning
to get to that sooner rather than later.
> My questions:
>
> Is the heimdal code inside of samba4 maintained by the samba team or
> is this unmaintained static code?
Maintained. If it's in Samba we are responsible.
Once it's working with MIT we'll eventually remove
it from our tree though.
> Are there considerations about using MIT krb5 inside samba4 instead
> of heimdal?
Talk to Andreas, Guenther and Alexander for the latest.
> The intention of our project "invis-server" is to bring samba 4 with
> AD DC functionality into openSUSE. Therefor we need arguments for
> the coming discussion.
Hurrah ! I'm really glad to hear this ! If you could
coordinate with the people doing the Heimdal -> MIT
work then we can get there faster.
Cheers,
Jeremy.
More information about the samba
mailing list