| 1 |
On 02/25/13 01:43, Alec Warner wrote: |
| 2 |
> On Sun, Feb 24, 2013 at 11:21 PM, Matthew Thode |
| 3 |
> <prometheanfire@g.o> wrote: |
| 4 |
>> On 02/24/13 20:25, Michael Mol wrote: |
| 5 |
>>> (I really don't have time to actively participate on this list right |
| 6 |
>>> now, but I believe that if I bring it up on b.g.o, I'll be directed |
| 7 |
>>> here, so...) |
| 8 |
>>> |
| 9 |
>>> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to |
| 10 |
>>> enable kerberos system-wide on my server. |
| 11 |
>>> |
| 12 |
>>> No joy, as net-fs/nfs-utils has an explicit dependency on |
| 13 |
>>> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on |
| 14 |
>>> app-crypt/heimdal (for reasons noted in bug 195703, comment 25). |
| 15 |
>>> |
| 16 |
>>> Questions: |
| 17 |
>>> |
| 18 |
>>> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3 |
| 19 |
>>> and kerberos demands that things with explicit dependencies on mit-krb5 |
| 20 |
>>> either be fixed or not used at all. |
| 21 |
>>> |
| 22 |
>>> I'm the first activity on bug 231936 in two years...could someone please |
| 23 |
>>> look into that one? |
| 24 |
>>> |
| 25 |
>>> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them |
| 26 |
>>> through a virtual? My suspicion is "no", but I don't know enough about |
| 27 |
>>> kerberos to say whether or not it would work, even as a hack. |
| 28 |
>>> |
| 29 |
>>> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to |
| 30 |
>>> crop up, so (and forgive the nausea this might cause) it might help to |
| 31 |
>>> slot mit and heimdal, and have virtual/krb5 depend on the presence of at |
| 32 |
>>> least one. |
| 33 |
>>> |
| 34 |
>> so, read the thread so far, and I think you are over-complicating things |
| 35 |
>> with slotting. I use kerberos at home (more or less just to learn it, |
| 36 |
>> worksforme, etc). I chose MIT. From what I understand MIT and heimdal |
| 37 |
>> are mutually exclusive (can not operate with eachother) and that heimdal |
| 38 |
>> is what windows uses. |
| 39 |
> |
| 40 |
> This is incorrect, or at least, was incorrect last time I looked |
| 41 |
> (circa...uhh..2009?) |
| 42 |
|
| 43 |
well, that was right around the time I installed it, so guess that makes |
| 44 |
sense. |
| 45 |
|
| 46 |
> |
| 47 |
> They work 'ok' together. Heimdal clients could talk to MIT servers at |
| 48 |
> least. Of course, there were quirks, and incompatible command line |
| 49 |
> syntax, hence my fierce recommendation to 'not do that.' |
| 50 |
> |
| 51 |
>> |
| 52 |
>> What this seems to be is a simple case of blockers. So, the quesiton |
| 53 |
>> is, are you going to be using kerberos in nfs? if not, masking the flag |
| 54 |
>> may be what works for you (in the short term at least). Longer term it |
| 55 |
>> sounds like maybe seperate use flags are in order (or something, dunno). |
| 56 |
> |
| 57 |
> Do not use Kerberized NFSv3. I'm unsure if nfsv4 is any better :/ |
| 58 |
> |
| 59 |
> -A |
| 60 |
> |
| 61 |
>> |
| 62 |
>> I don't think samba will support MIT, since it's kinda windows focused. |
| 63 |
>> |
| 64 |
>> On another note, I can't find bug 231936. |
| 65 |
>> |
| 66 |
>> -- |
| 67 |
>> -- Matthew Thode (prometheanfire) |
| 68 |
>> |
| 69 |
> |
| 70 |
|
| 71 |
|
| 72 |
-- |
| 73 |
-- Matthew Thode (prometheanfire) |
Archives