(I really don't have time to actively participate on this list right now, but I believe that if I bring it up on b.g.o, I'll be directed here, so...)
So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to enable kerberos system-wide on my server. No joy, as net-fs/nfs-utils has an explicit dependency on app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on app-crypt/heimdal (for reasons noted in bug 195703, comment 25). Questions: 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3 and kerberos demands that things with explicit dependencies on mit-krb5 either be fixed or not used at all. I'm the first activity on bug 231936 in two years...could someone please look into that one? 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them through a virtual? My suspicion is "no", but I don't know enough about kerberos to say whether or not it would work, even as a hack. I'm sure explicit dependencies on mit-krb5 and heimdal will continue to crop up, so (and forgive the nausea this might cause) it might help to slot mit and heimdal, and have virtual/krb5 depend on the presence of at least one.
signature.asc
Description: OpenPGP digital signature