Looking to once again re-bundle LDB

[Alexander Bokovoy]

On Срд, 14 лют 2024, Michael Tokarev wrote:
> 14.02.2024 17:46, Alexander Bokovoy wrote:
> ..
> > We do rebuilds of the whole stack in Fedora if bots detect samba ABI had changed. So for us it is not a problem.
> 
> It's easy to do with "current" Fedora release.  It's entirely different
> question when you want to provide current samba to a previous Fedora
> release.  And that's where the problem is, - providing "backports" of
> current samba to previous releases of distributions.

If you are building packages on top of RHEL by replacing existing
packages there, you are responsible in fixing all breakage that new
packages would introduce. It is maintenance work that one needs to
consider when providing alternative builds, regardless of a
distribution.

> For RHEL for example, some previous but still supported stable version is
> using, say, samba 4.13, and you want to run current samba 4.19 on it, -
> you'll have to either provide current sssd (rebuilt against 4.19), or a
> rebuild of whatever sssd was used on that older stable RHEL, together
> with new samba.  That's what I'm talking about.
> 
> This is probably less of an issue for RHEL though. On the samba list
> there are quite high demand on new samba for older releases of distributions.
> 
> > FreeIPA only supports MIT Kerberos for the server side and SSSD
> > provides Kerberos pre-authentication modules to MIT Kerberos soi it
> > is also best to be built against MIT version.
> 
> Yeah, it would be best to build samba against mit krb5, if it were a
> supported way.

It is supported. It just provides a bit different set of features
compared to Heimdal-enabled Samba builds. See our talk at SambaXP'23 for
details.

-- 
/ Alexander Bokovoy