Current ideas on kerberos requirements for Samba4

Henrik Nordstrom hno at
Tue May 24 17:20:40 EDT 2005

On Tue, 24 May 2005, Gerald (Jerry) Carter wrote:

> If you want to add interoperability back to the buffet, then
> the Samba4 kdc implementation (and LDAP implementation)
> will have to be world class, scalable implementations.

I have always assumed the LDAP and KDC server componends of Samba4 is only 
required if you run Samba as a domain controller, while in most if not all 
interoperability situations Samba runs as a memberserver without the LDAP 
or KDC server components where this isn't an issue.

Based on this I don't really see the concerns. But if the above isn't true 
then I am truly concerned about how to deploy Samba4.

If you want to run Samba as a AD domain controller (not as a member 
server) then in my eyes is it quite reasonable that Samba provides a LDAP 
and KDC for this purpose.

But I agree to some extend on your concerns in the long run. If the goal 
is to become a full replacement for MS AD then the last word in that name 
needs to be fulfilled. MS AD is a quite good directory server capable and 
often used for far more than just the domain controller tasks. But I do 
not see this as a requirement for the MS AD controller capability of 


More information about the krbdev mailing list