[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Future of kerberised telnet, login, rsh, ftp?

On Sat, 2005-07-09 at 18:51 +1000, Brian May wrote:
> >>>>> "Andrew" == Andrew Bartlett <abartlet@samba.org> writes:
>     Andrew> Samba4 will include a copy of Heimdal kerberos, crippled
>     Andrew> such as to be built into Samba4's smbd.  Indeed, the rsh,
>     Andrew> kx and even kadmin and kdc binaries will not be available
>     Andrew> to the user.
> Presumably you will be able to disable this crippled Kerberos support
> if you want the real thing, and Samba4 will work with the real thing?

Sort of, eventually.

Nothing in Samba4 will by default conflict with the kerberos
installation on the host, so you will be able to install all these
yourself.  The current plan is that we will initially ship a possibly
modified, known snapshot of Heimdal with Samba4, and that we will
interact closely with that snapshot.  

As we get further into released versions of Samba4, and as we get
volunteers to maintain stringent configure checks, I'll be happy to
allow us to optionally link to a system krb5 lib.  I know some
distributors will be very keen to do this, but they will also take on
the risk that a Samba upgrade may force a change to those libs (because
incompatibilities with windows clients may well be in krb5/gssapi or
Samba, and the fix could fit anywhere in there).

My nightmare is that the clikrb5.c glue layer we currently maintain
might balloon out in size, and in that case I would prefer to say 'no'
to external krb5 libs than create a quagmire there.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

This is a digitally signed message part