
Samba4 KDC progress



I promised I would keep the various lists informed as to our progress
with the Samba4 KDC experiment.  (But if you feel this cross-posting is
just noise, let me know).

Over the past week, we have achieved as code what I proposed in theory.
That is, I have demonstrated a Samba4 smbd process with an embedded KDC,
with Samba handling the sockets, and Heimdal Kerberos packaged into a
'libkdc' and handling the Kerberos part.  

This has actually reduced the Samba-specific changes in Heimdal, as our
hdb-ldb is now plugged in from the Samba side.  I have also had great
pleasure in seeing how simple it was to plug into Heimdal's KDC and
Kerberos logging systems.  Indeed, the integration has been rather
smooth all round, so far.  (This is a new requirement, over what we have
come up with before).

To clear up our direction with regard to choice of KDC implementation:
I am very happy with the technical progress I have made with Heimdal
kerberos, and as such intend to continue down that track.  (This is
mostly a statement of the progress I've made, rather than a judgement on
the competing implementations.  I need to get one implementation
finished before I can really lay our requirements properly). 

We are currently looking into how to build this 'libkdc' in the Samba
build framework.  Currently we build Heimdal separately, and link to the
resultant .a files, but we would like something more integrated than
that.  The proposal currently being advocated by tridge is to leave
Heimdal's build system (and indeed the entire Heimdal tree) intact, and
to have our build system reach in to compile individual .c files
directly into Samba4.  

I've also updated my kerberos random jottings:
http://samba.org/ftp/unpacked/samba4/source/auth/kerberos/kerberos-notes.txt

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
