On Mon, Feb 25, 2013 at 2:21 AM, Matthew Thode <prometheanf...@gentoo.org> wrote: > On 02/24/13 20:25, Michael Mol wrote: >> (I really don't have time to actively participate on this list right >> now, but I believe that if I bring it up on b.g.o, I'll be directed >> here, so...) >> >> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to >> enable kerberos system-wide on my server. >> >> No joy, as net-fs/nfs-utils has an explicit dependency on >> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on >> app-crypt/heimdal (for reasons noted in bug 195703, comment 25). >> >> Questions: >> >> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3 >> and kerberos demands that things with explicit dependencies on mit-krb5 >> either be fixed or not used at all. >> >> I'm the first activity on bug 231936 in two years...could someone please >> look into that one? >> >> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them >> through a virtual? My suspicion is "no", but I don't know enough about >> kerberos to say whether or not it would work, even as a hack. >> >> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to >> crop up, so (and forgive the nausea this might cause) it might help to >> slot mit and heimdal, and have virtual/krb5 depend on the presence of at >> least one. >> > so, read the thread so far, and I think you are over-complicating things > with slotting. I use kerberos at home (more or less just to learn it, > worksforme, etc). I chose MIT. From what I understand MIT and heimdal > are mutually exclusive (can not operate with eachother) and that heimdal > is what windows uses.
I think they're effectively the same on the wire, but I'm not sure. I'm studying the issue. > > What this seems to be is a simple case of blockers. So, the quesiton > is, are you going to be using kerberos in nfs? if not, masking the flag > may be what works for you (in the short term at least). Longer term it > sounds like maybe seperate use flags are in order (or something, dunno). It's the longer-term thing is what I'm interested in solving...and smoothness of kerberos in Gentoo in general. SSO for a family network would be very, very nice. > > I don't think samba will support MIT, since it's kinda windows focused. > > On another note, I can't find bug 231936. Typo. Or dyslexia. Who know... https://bugs.gentoo.org/show_bug.cgi?id=231396 -- :wq
