1 |
On Mon, Feb 25, 2013 at 2:21 AM, Matthew Thode |
2 |
<prometheanfire@g.o> wrote: |
3 |
> On 02/24/13 20:25, Michael Mol wrote: |
4 |
>> (I really don't have time to actively participate on this list right |
5 |
>> now, but I believe that if I bring it up on b.g.o, I'll be directed |
6 |
>> here, so...) |
7 |
>> |
8 |
>> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to |
9 |
>> enable kerberos system-wide on my server. |
10 |
>> |
11 |
>> No joy, as net-fs/nfs-utils has an explicit dependency on |
12 |
>> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on |
13 |
>> app-crypt/heimdal (for reasons noted in bug 195703, comment 25). |
14 |
>> |
15 |
>> Questions: |
16 |
>> |
17 |
>> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3 |
18 |
>> and kerberos demands that things with explicit dependencies on mit-krb5 |
19 |
>> either be fixed or not used at all. |
20 |
>> |
21 |
>> I'm the first activity on bug 231936 in two years...could someone please |
22 |
>> look into that one? |
23 |
>> |
24 |
>> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them |
25 |
>> through a virtual? My suspicion is "no", but I don't know enough about |
26 |
>> kerberos to say whether or not it would work, even as a hack. |
27 |
>> |
28 |
>> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to |
29 |
>> crop up, so (and forgive the nausea this might cause) it might help to |
30 |
>> slot mit and heimdal, and have virtual/krb5 depend on the presence of at |
31 |
>> least one. |
32 |
>> |
33 |
> so, read the thread so far, and I think you are over-complicating things |
34 |
> with slotting. I use kerberos at home (more or less just to learn it, |
35 |
> worksforme, etc). I chose MIT. From what I understand MIT and heimdal |
36 |
> are mutually exclusive (can not operate with eachother) and that heimdal |
37 |
> is what windows uses. |
38 |
|
39 |
I think they're effectively the same on the wire, but I'm not sure. |
40 |
I'm studying the issue. |
41 |
|
42 |
> |
43 |
> What this seems to be is a simple case of blockers. So, the quesiton |
44 |
> is, are you going to be using kerberos in nfs? if not, masking the flag |
45 |
> may be what works for you (in the short term at least). Longer term it |
46 |
> sounds like maybe seperate use flags are in order (or something, dunno). |
47 |
|
48 |
It's the longer-term thing is what I'm interested in solving...and |
49 |
smoothness of kerberos in Gentoo in general. SSO for a family network |
50 |
would be very, very nice. |
51 |
|
52 |
> |
53 |
> I don't think samba will support MIT, since it's kinda windows focused. |
54 |
> |
55 |
> On another note, I can't find bug 231936. |
56 |
|
57 |
Typo. Or dyslexia. Who know... |
58 |
|
59 |
https://bugs.gentoo.org/show_bug.cgi?id=231396 |
60 |
|
61 |
-- |
62 |
:wq |