MIT Krb5 KDC in the AD DC
Andrew Bartlett
abartlet at samba.org
Thu Aug 7 21:08:29 MDT 2014
On Thu, 2014-08-07 at 17:50 +0200, Andreas Schneider wrote:
> On Friday 01 August 2014 15:35:24 Andrew Bartlett wrote:
> > Can we try and avoid adding back all this glue by taking an alternative
> > approach on the kpasswd server? It is the only user of the gensec_krb5
> > code, which is essentially still the old, horrid, kerberos acceptor from
> > the 3.0 days.
>
> Yep!
>
> Günther and I worked on starting kadmind the whole week. We can change
> passwords with kpasswd now!
>
> In the MIT KRB5 build we don't build gensec_krb5 and we removed the patches we
> resurrected for this. We will take a look later if we could remove gensec_krb5
> completely.
>
> So here is a updated branch for review:
>
> https://git.samba.org/?p=gd/samba/.git;a=shortlog;h=refs/heads/master-mit-kdc-ok
I've reviewed and pushed all these, except:
In:
lib/krb5_wrap: provide KRB5KDC_ERR_KEY_EXPIRED error code matching MIT.
You mean, I think,
s4-kdc: Use KRB5KDC_ERR_KEY_EXP error code available in both MIT and
Heimdal
Also skipped were:
Remove custom password change code in libads (we need the tests I
mentioned earlier)
krb5_wrap: Use com_err in krb5_warnx. (It's fine, and reviewed, but just
was missing the signed off tag).
Also skipped for the same missing signed-off-by are the gensec_krb5
wscript change and:
pick e3e4834 lib/krb5_wrap: make sure smb_krb5_principal_get_realm
returns a malloced string.
pick d9716f1 s3-libads/krb5_setpw: free realm from
smb_krb5_principal_get_realm().
pick 32237c8 s4-dsdb/cracknames: free realm from
smb_krb5_principal_get_realm().
Aside from the tests, all this is pretty cosmetic, please tidy it up,
add my review tag and push.
Thanks!
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140808/580019f8/attachment.pgp>
More information about the samba-technical
mailing list