Current ideas on kerberos requirements for Samba4
abartlet at samba.org
Fri May 27 02:54:20 EDT 2005
On Fri, 2005-05-27 at 01:16 -0500, Nicolas Williams wrote:
> On Fri, May 27, 2005 at 01:06:55AM -0500, Nicolas Williams wrote:
> > On Fri, May 27, 2005 at 08:00:18AM +0200, Stefan (metze) Metzmacher wrote:
> > > so the design would be like this:
> > >
> > > [wire] -> [samba socket lib] -> [samba kdc server service] -> [KDC library]
> > > [wire] <- [samba socket lib] <- [samba kdc server service] <- [KDC library]
> > I suppose I don't mind a "KDC library too much..." but, methinks that this
> > is going too far. My first reaction, really, is "ick."
> BTW, I think coding services in such a way that they can be made into a
> library with ease is a good idea. But usually existing code has not
> been written that way... I think you'll find the alternative easier to
I'll let you know in a few days, but for Heimdal this seems to be mostly
sane, and as I may have said elsewhere, it fits with the other Samba4
requirements I am under.
I actually hope that vendors *do not* create and ship their own libkdc,
particularly in the early days of Samba4.
The reason I hope this is because while high-clue, large site sysadmins
have a good chance of getting it right, and testing within their own
site, I am not looking forward to the text matrix explosion that will
occur if every vendor rips out and replaces the few thousand lines of
I won't block it by overly silly design, and I will look reasonably at
real patches, but I'm just trying not to encourage it. (There is only
one of me to manage all this complexity).
I also just expect that in the early days of Samba4, the interfaces and
expectations will wobble around, as we try and build one KDC that
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20050527/a003bf70/attachment.bin
More information about the krbdev