Current ideas on kerberos requirements for Samba4
abartlet at samba.org
Tue May 24 18:21:49 EDT 2005
On Tue, 2005-05-24 at 15:07 -0400, Alan DeKok wrote:
> "James F. Hranicky" <jfh at cise.ufl.edu> wrote:
> > Well, my first reaction is that since Heimdal and Samba can currently both
> > share an LDAP database for PDC support, could it be possible to do the
> > same with AD?
> 1) Investigate what AD needs from protocol data sharing
Wrote the thesis:
> 2) Investigate how this would be put into LDAP
We have done so, and implemented our own 'ldap like' interface backing
onto either LDAP or an in-memory database.
> 3) Investigate how it would be implemented in Heimdal, etc.
Done that. See the version of Heimdal in 'lorikeet':
svn co svn://svnanon.samba.org/lorikeet/trunk/heimdal lorikeet-heimdal
> 4) Report back.
This series of notes. I was certainly not going to be so silly as to
talk about this before I had spent time to actually implement a viable
> My bet is that you'd need (0) to do this:
> 0) Get contract to spend 6 months working on the following
Yes, it took about 6 months, on and off.
We do actually already implement a good series of interfaces which
keeps the KDC separate. Currently they don't even share any source code
aside from standard shared/static libraries we provide.
However, to finish off the job, I'm proposing to integrate at the object
link level (which lukeh tells me he has done before) and to handle some
things consistently across the whole suite (no user config errors).
Now, the mistake I made was opening my big trap before I had just
quietly finished the libkdc part (which is a few days integration, I
hope, and actually doesn't change Heimdal's internal structure very much
Jeremy is right about kerberos patches, and it has been a right pain in
Samba3. This is why I've tried not to promise the world to those
running their own KDCs. I know their plight, and I'll be receptive to
patches, but I'm just going to try and get mine working first.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net