On 02/25/13 01:43, Alec Warner wrote: > On Sun, Feb 24, 2013 at 11:21 PM, Matthew Thode > <prometheanf...@gentoo.org> wrote: >> On 02/24/13 20:25, Michael Mol wrote: >>> (I really don't have time to actively participate on this list right >>> now, but I believe that if I bring it up on b.g.o, I'll be directed >>> here, so...) >>> >>> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to >>> enable kerberos system-wide on my server. >>> >>> No joy, as net-fs/nfs-utils has an explicit dependency on >>> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on >>> app-crypt/heimdal (for reasons noted in bug 195703, comment 25). >>> >>> Questions: >>> >>> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3 >>> and kerberos demands that things with explicit dependencies on mit-krb5 >>> either be fixed or not used at all. >>> >>> I'm the first activity on bug 231936 in two years...could someone please >>> look into that one? >>> >>> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them >>> through a virtual? My suspicion is "no", but I don't know enough about >>> kerberos to say whether or not it would work, even as a hack. >>> >>> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to >>> crop up, so (and forgive the nausea this might cause) it might help to >>> slot mit and heimdal, and have virtual/krb5 depend on the presence of at >>> least one. >>> >> so, read the thread so far, and I think you are over-complicating things >> with slotting. I use kerberos at home (more or less just to learn it, >> worksforme, etc). I chose MIT. From what I understand MIT and heimdal >> are mutually exclusive (can not operate with eachother) and that heimdal >> is what windows uses. > > This is incorrect, or at least, was incorrect last time I looked > (circa...uhh..2009?)
well, that was right around the time I installed it, so guess that makes sense. > > They work 'ok' together. Heimdal clients could talk to MIT servers at > least. Of course, there were quirks, and incompatible command line > syntax, hence my fierce recommendation to 'not do that.' > >> >> What this seems to be is a simple case of blockers. So, the quesiton >> is, are you going to be using kerberos in nfs? if not, masking the flag >> may be what works for you (in the short term at least). Longer term it >> sounds like maybe seperate use flags are in order (or something, dunno). > > Do not use Kerberized NFSv3. I'm unsure if nfsv4 is any better :/ > > -A > >> >> I don't think samba will support MIT, since it's kinda windows focused. >> >> On another note, I can't find bug 231936. >> >> -- >> -- Matthew Thode (prometheanfire) >> > -- -- Matthew Thode (prometheanfire)
signature.asc
Description: OpenPGP digital signature
