On Sun, Feb 08, 2015 at 11:36:42 +0100, Jan Rękorajski wrote: >> > But that's not the point, you missed the most important issue (system >> > MIT makes samba4 useless): > > APIs and ABIs in Heimdal and MIT are different. Samba uses Heimdal to do > AD DC kerberos. It does not build with MIT. Fedora distributes samba4 > without Kerberos, makeing it effectively a samba3 PDC. The whole point > of samba4 is it being full fledged MS AD DC. Is that explanation clear enough?
OK, I see now. So let's do some logic: samba R: heimdal-libs-server fine; note nothing else requires this lib! openldap-overlay-smbk5pwd, python-samba, samba, samba-libs R: heimdal-libs-common fine; also, nothing else requires these! samba-libs are required by other samba subpackages (incl. libsmbclient) only - so all we need to crosscheck is libsmbclient vs heimdal-libs: poldek:/all-avail> desc -B libsmbclient-4.1.14-1.x86_64 Package: libsmbclient-4.1.14-1.x86_64 Required(by): cifs-utils, fusesmb, gmerlin-avdecoder, gmplayer, gnome-control-center, gnome-vfs2-libs, gvfs-smb, kde4-kdebase-runtime, mencoder, mpd, mpd, mplayer, mpv, mpv-client-libs, perl-Filesys-SmbClient, [*samba*], vlc, xbmc, xine-input-smb Which one of those require heimdal-libs as well? cifs-utils, gnome-control-center, gnome-vfs2-libs These 3 might (should?) to be compiled using heimdal-libs. I've also checked what requires heimdal-devel, gnome-vfs2-devel, samba-devel and libsmbclient-devel and haven't seen any clashes. My point is - assuming I haven't forgot about anything (considering my last mail about versioned symbols) we could safely: 1. compile samba against heimdal to have AD (as an exception!), 2. compile everything else against MIT, 2a. except the things that require KRB+SMB itself as a precaution (i.e. the three packages mentioned earlier) (???) Rationale: 1. there might be situations where: binary -> MIT KRB -> lib1 -> MIT KRB -> lib2 -> lib*smb* -> heimdal KRB but this would be valid since all KRB symbols are versioned and there should be no path for any kerberos struct passing between lib1 and lib2 (only between binary and lib1). 2. every possible lib2 that uses both SMB _and_ KRB uses heimdal (currently gnome-vfs2-libs only). In other words: if we want samba-server using heimdal, it does NOT mean we need to build everything else using heimdal; client-server protocol effectively separates different API and ABI, symbol versioning separates ABI pulled in within single code executed. >> >> > and that's crucial now Samba is a real AD server. Just read README.dc >> >> > from Fedora's samba package, it's so pathetic it still makes me >> >> > laugh my ass off. >> >> > >> >> > That were the reasons we switched to Heimdal. >> >> Wasn't that the reason THEY have created FreeIPA for AD? > > Who are THEY? Fedora guys. As a solution for such heroic (or brain damaged) hackery required for setting up AD services you've mentioned they've ended up in FreeIPA. Isn't that better than our approach? Honestly I won't be capable of setting AD on PLD if I need to (well, mostly because I don't have any windows system to do step-by-step environment debugging) - MIT or heimdal, no difference, won't work and pld-doc doesn't help. -- Tomasz Pala <go...@pld-linux.org> _______________________________________________ pld-devel-en mailing list pld-devel-en@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-devel-en