Current ideas on kerberos requirements for Samba4

Andrew Bartlett abartlet at
Fri May 27 02:54:20 EDT 2005

On Fri, 2005-05-27 at 01:16 -0500, Nicolas Williams wrote:
> On Fri, May 27, 2005 at 01:06:55AM -0500, Nicolas Williams wrote:
> > On Fri, May 27, 2005 at 08:00:18AM +0200, Stefan (metze) Metzmacher wrote:
> > > so the design would be like this:
> > > 
> > > [wire] -> [samba socket lib] -> [samba kdc server service] -> [KDC library]
> > > [wire] <- [samba socket lib] <- [samba kdc server service] <- [KDC library]
> > 
> > I suppose I don't mind a "KDC library" too much... but, methinks that this
> > is going too far.  My first reaction, really, is "ick."
> BTW, I think coding services in such a way that they can be made into a
> library with ease is a good idea.  But usually existing code has not
> been written that way...  I think you'll find the alternative easier to
> implement.

I'll let you know in a few days, but for Heimdal this seems to be mostly
sane, and as I may have said elsewhere, it fits with the other Samba4
requirements I am under.

I actually hope that vendors *do not* create and ship their own libkdc,
particularly in the early days of Samba4.

The reason I hope this is because while high-clue, large site sysadmins
have a good chance of getting it right, and testing within their own
site, I am not looking forward to the test matrix explosion that will
occur if every vendor rips out and replaces the few thousand lines of

I won't block it by overly silly design, and I will look reasonably at
real patches, but I'm just trying not to encourage it.  (There is only
one of me to manage all this complexity).

I also just expect that in the early days of Samba4, the interfaces and
expectations will wobble around, as we try and build one KDC that

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College

More information about the krbdev mailing list