I promised I would keep the various lists informed as to our progress with the Samba4 KDC experiment. (But if you feel this cross-posting is just noise, let me know). Over the past week, we have achieved as code what I proposed in theory. That is, I have demonstrated a Samba4 smbd process with an embedded KDC, with samba handing the sockets, and Heimdal kerberos packaged into a 'libkdc' and handling the Kerberos part. This has actually reduced the Samba-specific changes in Heimdal, as our hdb-ldb is now plugged in from the Samba side. I have also had great pleasure in seeing how simple it was to plug into Heimdal's KDC and Kerberos logging systems. Indeed, the integration has been rather smooth all round, so far. (This is a new requirement, over what we have come up with before). To clear up our direction with regard to choice of KDC implementation: I am very happy with the technical progress I have made with Heimdal kerberos, and as such intend to continue down that track. (This is mostly a statement of the progress I've made, rather than a judgement on the competing implementations. I need to get one implementation finished before I can really lay our requirements properly). We are currently looking into how to build this 'libkdc' in the Samba build framework. Currently we build heimdal separately, and link to the resultant .a files, but we would like something more integrated than that. The proposal currently being advocated by tridge is to leave Heimdal's build system (and indeed the entire Heimdal tree) intact, and to have our build system reach in to compile individual .c files directly into Samba4. I've also updated my kerberos random jottings: http://samba.org/ftp/unpacked/samba4/source/auth/kerberos/kerberos- notes.txt Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This is a digitally signed message part