Current ideas on kerberos requirements for Samba4

Ken Hornstein kenh at
Mon May 23 11:18:00 EDT 2005

>My current feeling is that Samba may well ship its own KDC (based
>either on Heimdal, our own code or potentially some other codebase) for
>some time into the future.  To whatever extent Samba includes a
>derivative of another distribution of kerberos, the aim would be to keep
>the 'diff' between the two projects as small as possible, while
>integrating the code for minimum administrative and engineering pain.

Just my $0.02:

I already have a hacked KDC (based on MIT) that has a number of custom
extensions that I need.  Running a Samba-supplied KDC is simply a
non-starter.  I know plenty of people who are in the same boat.  Just
as an aside - it seems when you do Kerberos for a while, you find that
you need to do some number of changes to make it fit better at your
site, so this sort of thing just tends to crop up.  This probably
isn't an issue for smaller sites, or sites that just want to run a KDC
to support Samba.

If you provide a chunk of code and say, "You need to integrate this",
then that's fine with me (if it's Heimdal-only, then that will be a
pain, but I can deal).  I know, I could always do cross-realm ... but
trust me, I have more experience with cross-realm than most people, and
I'm not going to run a separate realm just for Samba.


More information about the krbdev mailing list