2013/10/17 Stephen Gallagher <sgall...@redhat.com>

> On 10/17/2013 07:35 AM, Benjamin Franzke wrote:
> > Hi list,
> >
> > I've tried to use sssd with heimdal, there were some fixes to be
> > done. Are you interested in reviewing and integrating them?
> >
> > They are available at: https://git.bnfr.net/sssd/log/?h=heimdal-1
> > Note: They are on top of other build fixes I've sent to the list
> > (but that's visible in the log).
> >
> > This compiles without warnings and passes all make tests. Actually
> > I've added alternatives for deprecated (in terms of heimdal)
> > kerberos functions to avoid warnings there.
> >
> > I've tested this in a samba 4 environment (with the sssd-ad
> > module).
> >
>
> Just for the record, Heimdal support has come up before. Historically,
> our answer has been this: "SSSD upstream does not officially support
> using SSSD with Heimdal. This is because the SSSD upstream works
> closely with the MIT Kerberos upstream to have features that we need
> incorporated there."
>
> In the past, we've allowed the community to contribute patches to work
> with Heimdal because there are some platforms out there that seem to
> prefer it, but the people who have contributed this have a habit of
> disappearing. We've always held to the idea that it's not the
> responsibility of the core upstream to maintain the Heimdal patches.
>
> As we move further along and the IPA and AD providers rely on
> ever-increasing MIT-specific features, I think the value of supporting
> Heimdal at all upstream continues to decrease.
>
> I'd honestly prefer to propose that SSSD drops its Heimdal support
> entirely and stop giving the impression that it might work. If we
> don't do this, a secondary option would be to add a new configure flag
> for Heimdal usage that makes it clear that Heimdal support is largely
> incomplete.
>
>
> I'd honestly be more interested in taking a samba-like approach here
> and making it possible to statically build-in a copy of MIT Kerberos
> for those platforms that only have Heimdal (such as the BSDs), since
> this would allow those platforms to enjoy all of the advanced
> functionality that SSSD-with-MIT can offer (such as FreeIPA
> cross-realm trusts).
>
>
> Benjamin: Please do not take this as an attack on you. This is a
> long-standing issue upstream and one that just keeps coming up.
>

No problem ;) I understand that position.
My main motivation was to be able to build it on my
main machine (Gentoo) where I have samba4 installed as well.
So that I can read the sssd man pages here.

Also I think that if you don't want to support heimdal, maybe there should
be a configure check that errors out if people try to compile against heimdal.


_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel