Re: Please, IMHO, resolve in some way the Samba MIT kerberos problem.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On ti, 11 helmi 2020, Dario Lesca wrote:

Il giorno lun, 04/11/2019 alle 08.38 -0500, Neal Gompa ha scritto:

The problem with the Samba team's advice is that it
essentiallyprevents the MIT Kerberos AD-DC implementation from
getting anybetter. Without people using it, we can't know what needs
to be fixed.The Red Hat FreeIPA team has been working on making this
functionalitywork well with MIT Kerberos for nearly a decade. The
main reason it'snot in RHEL/CentOS 8 is because the functionality is
too new for themto turn it on.
Also, declaring that it is experimental is meaningless. What
definesit as experimental? Is there any particular known massive
breakage?We're not going to ship Heimdal Kerberos because the two
Kerberosimplementations are incompatible and supporting both would be
amassive nightmare.
At this point, the only way Samba Team will stop calling
itexperimental is when lots of folks are using it. That's why
Fedoraships with it enabled. We have the opportunity to help make
thatbetter upstream.


After last MIT Kerberos update, another big problem with samba is gone
https://bugzilla.redhat.com/show_bug.cgi?id=1748860#c44

Perhaps  the time has come to remove "experimental" from the use of
samba + MIT


Or there are yet some other serious reasons not to do it?


There are few more missing parts here and there that need to be
implemented. They might affect some use cases and not others. At this
point, I'd suggest to open bugs as you see them, this will help us to
clarify more use cases and see what can be supported or not (yet).

Thank you very much for your patience and willingness to help improving
both Samba and MIT Kerberos.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux