* [gentoo-dev] kerberos, virtuals, rattling cages
@ 2013-02-25 2:25 Michael Mol
2013-02-25 2:48 ` Alec Warner
` (2 more replies)
0 siblings, 3 replies; 18+ messages in thread
From: Michael Mol @ 2013-02-25 2:25 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1203 bytes --]
(I really don't have time to actively participate on this list right
now, but I believe that if I bring it up on b.g.o, I'll be directed
here, so...)
So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to
enable kerberos system-wide on my server.
No joy, as net-fs/nfs-utils has an explicit dependency on
app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on
app-crypt/heimdal (for reasons noted in bug 195703, comment 25).
Questions:
1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3
and kerberos demands that things with explicit dependencies on mit-krb5
either be fixed or not used at all.
I'm the first activity on bug 231936 in two years...could someone please
look into that one?
2) Is it possible to slot mit-krb5 and heimdal instead of pulling them
through a virtual? My suspicion is "no", but I don't know enough about
kerberos to say whether or not it would work, even as a hack.
I'm sure explicit dependencies on mit-krb5 and heimdal will continue to
crop up, so (and forgive the nausea this might cause) it might help to
slot mit and heimdal, and have virtual/krb5 depend on the presence of at
least one.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 555 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] kerberos, virtuals, rattling cages
2013-02-25 2:25 [gentoo-dev] kerberos, virtuals, rattling cages Michael Mol
@ 2013-02-25 2:48 ` Alec Warner
2013-02-25 3:17 ` Michael Mol
2013-02-25 7:21 ` Matthew Thode
2013-02-25 7:22 ` Eray Aslan
2 siblings, 1 reply; 18+ messages in thread
From: Alec Warner @ 2013-02-25 2:48 UTC (permalink / raw
To: gentoo-dev
On Sun, Feb 24, 2013 at 6:25 PM, Michael Mol <mikemol@gmail.com> wrote:
> (I really don't have time to actively participate on this list right
> now, but I believe that if I bring it up on b.g.o, I'll be directed
> here, so...)
>
> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to
> enable kerberos system-wide on my server.
>
> No joy, as net-fs/nfs-utils has an explicit dependency on
> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on
> app-crypt/heimdal (for reasons noted in bug 195703, comment 25).
I'm not familiar with anyone using Kerberos on Gentoo. I use it on
Ubuntu; but we do not use it with Samba (or at least, if we do, I am
not aware of it.)
>
> Questions:
>
> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3
> and kerberos demands that things with explicit dependencies on mit-krb5
> either be fixed or not used at all.
I'm fairly sure samba supports either kerberos implementation; is
there something that makes you think differently?
>
> I'm the first activity on bug 231936 in two years...could someone please
> look into that one?
>
> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them
> through a virtual? My suspicion is "no", but I don't know enough about
> kerberos to say whether or not it would work, even as a hack.
>
I'm not following you here. 'slot' means a very specific thing. You
are not actually suggesting we use SLOT, you simply want both versions
of the library to be installed in one ROOT?
I would not advocate this approach. You should strive to have only one
kerberos implementation on a given machine.
> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to
> crop up, so (and forgive the nausea this might cause) it might help to
> slot mit and heimdal, and have virtual/krb5 depend on the presence of at
> least one.
>
It is likely that explicit dependencies are wrong, and are just bugs.
-A
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] kerberos, virtuals, rattling cages
2013-02-25 2:48 ` Alec Warner
@ 2013-02-25 3:17 ` Michael Mol
2013-02-25 3:40 ` [gentoo-dev] " Duncan
2013-02-25 3:46 ` [gentoo-dev] " Alec Warner
0 siblings, 2 replies; 18+ messages in thread
From: Michael Mol @ 2013-02-25 3:17 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 3883 bytes --]
On 02/24/2013 09:48 PM, Alec Warner wrote:
> On Sun, Feb 24, 2013 at 6:25 PM, Michael Mol <mikemol@gmail.com> wrote:
>> (I really don't have time to actively participate on this list right
>> now, but I believe that if I bring it up on b.g.o, I'll be directed
>> here, so...)
>>
>> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to
>> enable kerberos system-wide on my server.
>>
>> No joy, as net-fs/nfs-utils has an explicit dependency on
>> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on
>> app-crypt/heimdal (for reasons noted in bug 195703, comment 25).
>
> I'm not familiar with anyone using Kerberos on Gentoo. I use it on
> Ubuntu; but we do not use it with Samba (or at least, if we do, I am
> not aware of it.)
It's one of the core components of Active Directory, so anyone who puts
a Gentoo machine on an AD domain will likely be using it. I'm playing
around with Samba 4, which is supposed to have full support as a
standalone AD controller. An AD controller is effectively a central box
that manages and directs domain members to DNS (the host directory),
LDAP (the user and authorization directory) and Kerberos (the
authentication mechanism).
>
>>
>> Questions:
>>
>> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3
>> and kerberos demands that things with explicit dependencies on mit-krb5
>> either be fixed or not used at all.
>
> I'm fairly sure samba supports either kerberos implementation; is
> there something that makes you think differently?
The explicit dependency on app-crypt/heimdal in the ebuild, and comment
25 attached to b.g.o bug 195703. I've taken those at face value; I
haven't followed up on them myself.
>
>>
>> I'm the first activity on bug 231936 in two years...could someone please
>> look into that one?
>>
>> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them
>> through a virtual? My suspicion is "no", but I don't know enough about
>> kerberos to say whether or not it would work, even as a hack.
>>
>
> I'm not following you here. 'slot' means a very specific thing. You
> are not actually suggesting we use SLOT, you simply want both versions
> of the library to be installed in one ROOT?
>
> I would not advocate this approach. You should strive to have only one
> kerberos implementation on a given machine.
I'm really not certain, to be honest. It was my impression that slots
allow for two different versions of a thing to be present on the same
system, and that their different sonames on the system would lead to
correct symbol resolution. (Although it would require that the soname
being sought be adjusted in a dependent program to target the version
required.)
Even if it works, I acknowledge it's a nauseating hack for the circumstance.
>
>> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to
>> crop up, so (and forgive the nausea this might cause) it might help to
>> slot mit and heimdal, and have virtual/krb5 depend on the presence of at
>> least one.
>>
>
> It is likely that explicit dependencies are wrong, and are just bugs.
This is what I found in the ebuild for net-fs/nfs-utils:
# kth-krb doesn't provide the right include
# files, and nfs-utils doesn't build against heimdal either,
# so don't depend on virtual/krb.
# (04 Feb 2005 agriffis)
Which I noted in a comment I attached to bug 231936 (relating to
net-fs/nfs-util).
In bug 195703 (relating to the samba-4 version bump), there's this:
"Since samba 4 doesn't support mit-krb5, I think we shouldn't depend on
virtual/krb5 but instead directly on heimdal after the com_err.h problem
is fixed." in comment 25, dated 2009-11-24 23:07:18 UTC.
Directly responded to later by this:
"Agreed." in comment 26, dated 2009-11-25 10:01:48 UTC
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 555 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* [gentoo-dev] Re: kerberos, virtuals, rattling cages
2013-02-25 3:17 ` Michael Mol
@ 2013-02-25 3:40 ` Duncan
2013-02-25 3:54 ` Michael Mol
2013-02-25 3:46 ` [gentoo-dev] " Alec Warner
1 sibling, 1 reply; 18+ messages in thread
From: Duncan @ 2013-02-25 3:40 UTC (permalink / raw
To: gentoo-dev
Michael Mol posted on Sun, 24 Feb 2013 22:17:56 -0500 as excerpted:
>> I'm not following you here. 'slot' means a very specific thing. You are
>> not actually suggesting we use SLOT, you simply want both versions of
>> the library to be installed in one ROOT?
>>
>> I would not advocate this approach. You should strive to have only one
>> kerberos implementation on a given machine.
>
> I'm really not certain, to be honest. It was my impression that slots
> allow for two different versions of a thing to be present on the same
> system, and that their different sonames on the system would lead to
> correct symbol resolution. (Although it would require that the soname
> being sought be adjusted in a dependent program to target the version
> required.)
The issue is in one's definition of "two different versions of a thing".
"Slot", in the gentoo sense, has the meaning of two different versions of
the same package, say qt-3 (tho that's long out-of-tree, but alive in kde-
sunset) and qt-4 and qt-5 (tho that's very new, but is or will soon be a
problem as more packages dep on it), where there'd ordinarily be file and/
or functionality collisions, NOT two different packages containing the
same functionality, which is the extended meaning it appears you're
applying here, but which only confuses people when used within the gentoo
context.
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] kerberos, virtuals, rattling cages
2013-02-25 3:17 ` Michael Mol
2013-02-25 3:40 ` [gentoo-dev] " Duncan
@ 2013-02-25 3:46 ` Alec Warner
2013-02-25 4:03 ` Michael Mol
1 sibling, 1 reply; 18+ messages in thread
From: Alec Warner @ 2013-02-25 3:46 UTC (permalink / raw
To: gentoo-dev
On Sun, Feb 24, 2013 at 7:17 PM, Michael Mol <mikemol@gmail.com> wrote:
> On 02/24/2013 09:48 PM, Alec Warner wrote:
>> On Sun, Feb 24, 2013 at 6:25 PM, Michael Mol <mikemol@gmail.com> wrote:
>>> (I really don't have time to actively participate on this list right
>>> now, but I believe that if I bring it up on b.g.o, I'll be directed
>>> here, so...)
>>>
>>> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to
>>> enable kerberos system-wide on my server.
>>>
>>> No joy, as net-fs/nfs-utils has an explicit dependency on
>>> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on
>>> app-crypt/heimdal (for reasons noted in bug 195703, comment 25).
>>
>> I'm not familiar with anyone using Kerberos on Gentoo. I use it on
>> Ubuntu; but we do not use it with Samba (or at least, if we do, I am
>> not aware of it.)
>
> It's one of the core components of Active Directory, so anyone who puts
> a Gentoo machine on an AD domain will likely be using it. I'm playing
> around with Samba 4, which is supposed to have full support as a
> standalone AD controller. An AD controller is effectively a central box
> that manages and directs domain members to DNS (the host directory),
> LDAP (the user and authorization directory) and Kerberos (the
> authentication mechanism).
Don't misunderstand, I know what all these things are ;)
>
>>
>>>
>>> Questions:
>>>
>>> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3
>>> and kerberos demands that things with explicit dependencies on mit-krb5
>>> either be fixed or not used at all.
>>
>> I'm fairly sure samba supports either kerberos implementation; is
>> there something that makes you think differently?
>
> The explicit dependency on app-crypt/heimdal in the ebuild, and comment
> 25 attached to b.g.o bug 195703. I've taken those at face value; I
> haven't followed up on them myself.
>
>>
>>>
>>> I'm the first activity on bug 231936 in two years...could someone please
>>> look into that one?
>>>
>>> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them
>>> through a virtual? My suspicion is "no", but I don't know enough about
>>> kerberos to say whether or not it would work, even as a hack.
>>>
>>
>> I'm not following you here. 'slot' means a very specific thing. You
>> are not actually suggesting we use SLOT, you simply want both versions
>> of the library to be installed in one ROOT?
>>
>> I would not advocate this approach. You should strive to have only one
>> kerberos implementation on a given machine.
>
> I'm really not certain, to be honest. It was my impression that slots
> allow for two different versions of a thing to be present on the same
> system, and that their different sonames on the system would lead to
> correct symbol resolution. (Although it would require that the soname
> being sought be adjusted in a dependent program to target the version
> required.)
mit-krb5 and heimdal are separate packages. They both provide krb
headers and kerb libraries. You could easily patch them to be on the
same system. The problem with doing so is that packages are expecting
only one set of kerberos headers and kerberos shared libraries.
We have the 'eselect' framework for switching between 'providers'
which we could use in this case (similar to say, the opengl libraries
your system might use.) It is not clear to me if switching providers
is at all safe in the kerberos instance, or if software built against
mit-krb5 would crash if you pointed the loader at some heimdal shared
objects.
>
> Even if it works, I acknowledge it's a nauseating hack for the circumstance.
>
>>
>>> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to
>>> crop up, so (and forgive the nausea this might cause) it might help to
>>> slot mit and heimdal, and have virtual/krb5 depend on the presence of at
>>> least one.
>>>
>>
>> It is likely that explicit dependencies are wrong, and are just bugs.
>
> This is what I found in the ebuild for net-fs/nfs-utils:
>
> # kth-krb doesn't provide the right include
> # files, and nfs-utils doesn't build against heimdal either,
> # so don't depend on virtual/krb.
> # (04 Feb 2005 agriffis)
>
> Which I noted in a comment I attached to bug 231936 (relating to
> net-fs/nfs-util).
>
> In bug 195703 (relating to the samba-4 version bump), there's this:
>
> "Since samba 4 doesn't support mit-krb5, I think we shouldn't depend on
> virtual/krb5 but instead directly on heimdal after the com_err.h problem
> is fixed." in comment 25, dated 2009-11-24 23:07:18 UTC.
>
> Directly responded to later by this:
>
> "Agreed." in comment 26, dated 2009-11-25 10:01:48 UTC
>
>
>
So nothing recent then ;p
I think just 'eras' is the only person in the kerberos herd at this
point. I only have a passing interest in it myself (and I'm not
looking to maintain it in Gentoo ;))
-A
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] Re: kerberos, virtuals, rattling cages
2013-02-25 3:40 ` [gentoo-dev] " Duncan
@ 2013-02-25 3:54 ` Michael Mol
0 siblings, 0 replies; 18+ messages in thread
From: Michael Mol @ 2013-02-25 3:54 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 2681 bytes --]
On 02/24/2013 10:40 PM, Duncan wrote:
> Michael Mol posted on Sun, 24 Feb 2013 22:17:56 -0500 as excerpted:
>
>>> I'm not following you here. 'slot' means a very specific thing. You are
>>> not actually suggesting we use SLOT, you simply want both versions of
>>> the library to be installed in one ROOT?
>>>
>>> I would not advocate this approach. You should strive to have only one
>>> kerberos implementation on a given machine.
>>
>> I'm really not certain, to be honest. It was my impression that slots
>> allow for two different versions of a thing to be present on the same
>> system, and that their different sonames on the system would lead to
>> correct symbol resolution. (Although it would require that the soname
>> being sought be adjusted in a dependent program to target the version
>> required.)
>
> The issue is in one's definition of "two different versions of a thing".
>
> "Slot", in the gentoo sense, has the meaning of two different versions of
> the same package, say qt-3 (tho that's long out-of-tree, but alive in kde-
> sunset) and qt-4 and qt-5 (tho that's very new, but is or will soon be a
> problem as more packages dep on it), where there'd ordinarily be file and/
> or functionality collisions, NOT two different packages containing the
> same functionality, which is the extended meaning it appears you're
> applying here, but which only confuses people when used within the gentoo
> context.
>
My presumption was that both app-crypt/heimdal and app-crypt/mit-krb5
used the same binary names.
$ equery f app-crypt/mit-krb5|grep -e '\.so'|sed -e 's/\.so.*//'|sed -e
's/.*\///'|sort -u|grep -v debug
db2
encrypted_challenge
libgssapi_krb5
libgssrpc
libk5crypto
libkadm5clnt
libkadm5clnt_mit
libkadm5srv
libkadm5srv_mit
libkdb5
libkrb5
libkrb5support
pkinit
(on a different machine)
$ equery f app-crypt/heimdal|grep -e '\.so'|sed -e 's/\.so.*//'|sed -e
's/.*\///'|sort -u|grep -v debug
libasn1
libgssapi
libhcrypto
libhdb
libheimbase
libheimntlm
libhx509
libkadm5clnt
libkadm5srv
libkafs
libkdc
libkrb5
libroken
libsl
libwind
windc
The overlap between the two includes libkrb5, libkadm5clnt and
libkadm5srv. When I was thinking "why not slots?", that was explicitly
the part I was thinking of.
The distinction between two versions of a thing, and two implementations
of a thing, is a thorny epistemological issue; "extended meaning" is
good way to put it. I've acknowledge that abusing slots in this way is
pretty vile. I don't really care to advocate it; I merely brought it up
as an alternative. (But it seems it's a difficult question to bridge.)
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 555 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] kerberos, virtuals, rattling cages
2013-02-25 3:46 ` [gentoo-dev] " Alec Warner
@ 2013-02-25 4:03 ` Michael Mol
0 siblings, 0 replies; 18+ messages in thread
From: Michael Mol @ 2013-02-25 4:03 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 5941 bytes --]
On 02/24/2013 10:46 PM, Alec Warner wrote:
> On Sun, Feb 24, 2013 at 7:17 PM, Michael Mol <mikemol@gmail.com> wrote:
>> On 02/24/2013 09:48 PM, Alec Warner wrote:
>>> On Sun, Feb 24, 2013 at 6:25 PM, Michael Mol <mikemol@gmail.com> wrote:
>>>> (I really don't have time to actively participate on this list right
>>>> now, but I believe that if I bring it up on b.g.o, I'll be directed
>>>> here, so...)
>>>>
>>>> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to
>>>> enable kerberos system-wide on my server.
>>>>
>>>> No joy, as net-fs/nfs-utils has an explicit dependency on
>>>> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on
>>>> app-crypt/heimdal (for reasons noted in bug 195703, comment 25).
>>>
>>> I'm not familiar with anyone using Kerberos on Gentoo. I use it on
>>> Ubuntu; but we do not use it with Samba (or at least, if we do, I am
>>> not aware of it.)
>>
>> It's one of the core components of Active Directory, so anyone who puts
>> a Gentoo machine on an AD domain will likely be using it. I'm playing
>> around with Samba 4, which is supposed to have full support as a
>> standalone AD controller. An AD controller is effectively a central box
>> that manages and directs domain members to DNS (the host directory),
>> LDAP (the user and authorization directory) and Kerberos (the
>> authentication mechanism).
>
> Don't misunderstand, I know what all these things are ;)
>
>>
>>>
>>>>
>>>> Questions:
>>>>
>>>> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3
>>>> and kerberos demands that things with explicit dependencies on mit-krb5
>>>> either be fixed or not used at all.
>>>
>>> I'm fairly sure samba supports either kerberos implementation; is
>>> there something that makes you think differently?
>>
>> The explicit dependency on app-crypt/heimdal in the ebuild, and comment
>> 25 attached to b.g.o bug 195703. I've taken those at face value; I
>> haven't followed up on them myself.
>>
>>>
>>>>
>>>> I'm the first activity on bug 231936 in two years...could someone please
>>>> look into that one?
>>>>
>>>> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them
>>>> through a virtual? My suspicion is "no", but I don't know enough about
>>>> kerberos to say whether or not it would work, even as a hack.
>>>>
>>>
>>> I'm not following you here. 'slot' means a very specific thing. You
>>> are not actually suggesting we use SLOT, you simply want both versions
>>> of the library to be installed in one ROOT?
>>>
>>> I would not advocate this approach. You should strive to have only one
>>> kerberos implementation on a given machine.
>>
>> I'm really not certain, to be honest. It was my impression that slots
>> allow for two different versions of a thing to be present on the same
>> system, and that their different sonames on the system would lead to
>> correct symbol resolution. (Although it would require that the soname
>> being sought be adjusted in a dependent program to target the version
>> required.)
>
> mit-krb5 and heimdal are separate packages. They both provide krb
> headers and kerb libraries. You could easily patch them to be on the
> same system. The problem with doing so is that packages are expecting
> only one set of kerberos headers and kerberos shared libraries.
>
> We have the 'eselect' framework for switching between 'providers'
> which we could use in this case (similar to say, the opengl libraries
> your system might use.) It is not clear to me if switching providers
> is at all safe in the kerberos instance, or if software built against
> mit-krb5 would crash if you pointed the loader at some heimdal shared
> objects.
Don't misunderstand, I know about eselect. ;)
And, yeah, I don't know if thunking/shimming/redirecting is safe in the
kerberos context. If it was, there should never have been any question
of compatibility.
>
>>
>> Even if it works, I acknowledge it's a nauseating hack for the circumstance.
>>
>>>
>>>> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to
>>>> crop up, so (and forgive the nausea this might cause) it might help to
>>>> slot mit and heimdal, and have virtual/krb5 depend on the presence of at
>>>> least one.
>>>>
>>>
>>> It is likely that explicit dependencies are wrong, and are just bugs.
>>
>> This is what I found in the ebuild for net-fs/nfs-utils:
>>
>> # kth-krb doesn't provide the right include
>> # files, and nfs-utils doesn't build against heimdal either,
>> # so don't depend on virtual/krb.
>> # (04 Feb 2005 agriffis)
>>
>> Which I noted in a comment I attached to bug 231936 (relating to
>> net-fs/nfs-util).
>>
>> In bug 195703 (relating to the samba-4 version bump), there's this:
>>
>> "Since samba 4 doesn't support mit-krb5, I think we shouldn't depend on
>> virtual/krb5 but instead directly on heimdal after the com_err.h problem
>> is fixed." in comment 25, dated 2009-11-24 23:07:18 UTC.
>>
>> Directly responded to later by this:
>>
>> "Agreed." in comment 26, dated 2009-11-25 10:01:48 UTC
>>
>>
>>
>
> So nothing recent then ;p
Which is exactly why I bring it up; the net-fs/nfs-utils bug is stale,
and the reference in the samba package is ancient. (Things directly
partaining to samba-4 get bounced into that bug, which really means a
stale comment is roughly the same as a stale bug...)
>
> I think just 'eras' is the only person in the kerberos herd at this
> point. I only have a passing interest in it myself (and I'm not
> looking to maintain it in Gentoo ;))
Yeah, I know, "if you want it fixed in Gentoo, fix it yourself." I would
if I had time. I may have time some day, but I wouldn't bet in that
direction. But it'd have been foolish not to at least try to shake the
dust off the issue. Apologies if I triggered any allergies... :)
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 555 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] kerberos, virtuals, rattling cages
2013-02-25 2:25 [gentoo-dev] kerberos, virtuals, rattling cages Michael Mol
2013-02-25 2:48 ` Alec Warner
@ 2013-02-25 7:21 ` Matthew Thode
2013-02-25 7:43 ` Alec Warner
2013-02-25 17:48 ` [gentoo-dev] " Michael Mol
2013-02-25 7:22 ` Eray Aslan
2 siblings, 2 replies; 18+ messages in thread
From: Matthew Thode @ 2013-02-25 7:21 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 2073 bytes --]
On 02/24/13 20:25, Michael Mol wrote:
> (I really don't have time to actively participate on this list right
> now, but I believe that if I bring it up on b.g.o, I'll be directed
> here, so...)
>
> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to
> enable kerberos system-wide on my server.
>
> No joy, as net-fs/nfs-utils has an explicit dependency on
> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on
> app-crypt/heimdal (for reasons noted in bug 195703, comment 25).
>
> Questions:
>
> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3
> and kerberos demands that things with explicit dependencies on mit-krb5
> either be fixed or not used at all.
>
> I'm the first activity on bug 231936 in two years...could someone please
> look into that one?
>
> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them
> through a virtual? My suspicion is "no", but I don't know enough about
> kerberos to say whether or not it would work, even as a hack.
>
> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to
> crop up, so (and forgive the nausea this might cause) it might help to
> slot mit and heimdal, and have virtual/krb5 depend on the presence of at
> least one.
>
so, read the thread so far, and I think you are over-complicating things
with slotting. I use kerberos at home (more or less just to learn it,
worksforme, etc). I chose MIT. From what I understand MIT and heimdal
are mutually exclusive (can not operate with eachother) and that heimdal
is what windows uses.
What this seems to be is a simple case of blockers. So, the quesiton
is, are you going to be using kerberos in nfs? if not, masking the flag
may be what works for you (in the short term at least). Longer term it
sounds like maybe seperate use flags are in order (or something, dunno).
I don't think samba will support MIT, since it's kinda windows focused.
On another note, I can't find bug 231936.
--
-- Matthew Thode (prometheanfire)
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] kerberos, virtuals, rattling cages
2013-02-25 2:25 [gentoo-dev] kerberos, virtuals, rattling cages Michael Mol
2013-02-25 2:48 ` Alec Warner
2013-02-25 7:21 ` Matthew Thode
@ 2013-02-25 7:22 ` Eray Aslan
2 siblings, 0 replies; 18+ messages in thread
From: Eray Aslan @ 2013-02-25 7:22 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 941 bytes --]
On Sun, Feb 24, 2013 at 09:25:37PM -0500, Michael Mol wrote:
> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them
> through a virtual? My suspicion is "no", but I don't know enough about
> kerberos to say whether or not it would work, even as a hack.
You can't eselect the kerberos implementation under an application.
These two packages do provide different symbols.
And you can't just make both packages installable concurrently and hope
everything works out. There are too many assumptions built into too
many applications about what library from which package provides what
symbol. That way lies madness.
The bugs you mantion are old ones. I suggest you (and net-fs and samba
herds) to check if they still apply and if they do see what prevents the
said package from using the alternative implementation and solve it
there - where it really belongs anyway.
--
Eray Aslan <eras@gentoo.org>
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] kerberos, virtuals, rattling cages
2013-02-25 7:21 ` Matthew Thode
@ 2013-02-25 7:43 ` Alec Warner
2013-02-25 7:53 ` Matthew Thode
2013-02-25 8:02 ` Eray Aslan
2013-02-25 17:48 ` [gentoo-dev] " Michael Mol
1 sibling, 2 replies; 18+ messages in thread
From: Alec Warner @ 2013-02-25 7:43 UTC (permalink / raw
To: gentoo-dev
On Sun, Feb 24, 2013 at 11:21 PM, Matthew Thode
<prometheanfire@gentoo.org> wrote:
> On 02/24/13 20:25, Michael Mol wrote:
>> (I really don't have time to actively participate on this list right
>> now, but I believe that if I bring it up on b.g.o, I'll be directed
>> here, so...)
>>
>> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to
>> enable kerberos system-wide on my server.
>>
>> No joy, as net-fs/nfs-utils has an explicit dependency on
>> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on
>> app-crypt/heimdal (for reasons noted in bug 195703, comment 25).
>>
>> Questions:
>>
>> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3
>> and kerberos demands that things with explicit dependencies on mit-krb5
>> either be fixed or not used at all.
>>
>> I'm the first activity on bug 231936 in two years...could someone please
>> look into that one?
>>
>> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them
>> through a virtual? My suspicion is "no", but I don't know enough about
>> kerberos to say whether or not it would work, even as a hack.
>>
>> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to
>> crop up, so (and forgive the nausea this might cause) it might help to
>> slot mit and heimdal, and have virtual/krb5 depend on the presence of at
>> least one.
>>
> so, read the thread so far, and I think you are over-complicating things
> with slotting. I use kerberos at home (more or less just to learn it,
> worksforme, etc). I chose MIT. From what I understand MIT and heimdal
> are mutually exclusive (can not operate with eachother) and that heimdal
> is what windows uses.
This is incorrect, or at least, was incorrect last time I looked
(circa...uhh..2009?)
They work 'ok' together. Heimdal clients could talk to MIT servers at
least. Of course, there were quirks, and incompatible command line
syntax, hence my fierce recommendation to 'not do that.'
>
> What this seems to be is a simple case of blockers. So, the quesiton
> is, are you going to be using kerberos in nfs? if not, masking the flag
> may be what works for you (in the short term at least). Longer term it
> sounds like maybe seperate use flags are in order (or something, dunno).
Do not use Kerberized NFSv3. I'm unsure if nfsv4 is any better :/
-A
>
> I don't think samba will support MIT, since it's kinda windows focused.
>
> On another note, I can't find bug 231936.
>
> --
> -- Matthew Thode (prometheanfire)
>
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] kerberos, virtuals, rattling cages
2013-02-25 7:43 ` Alec Warner
@ 2013-02-25 7:53 ` Matthew Thode
2013-02-25 8:02 ` Eray Aslan
1 sibling, 0 replies; 18+ messages in thread
From: Matthew Thode @ 2013-02-25 7:53 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 2832 bytes --]
On 02/25/13 01:43, Alec Warner wrote:
> On Sun, Feb 24, 2013 at 11:21 PM, Matthew Thode
> <prometheanfire@gentoo.org> wrote:
>> On 02/24/13 20:25, Michael Mol wrote:
>>> (I really don't have time to actively participate on this list right
>>> now, but I believe that if I bring it up on b.g.o, I'll be directed
>>> here, so...)
>>>
>>> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to
>>> enable kerberos system-wide on my server.
>>>
>>> No joy, as net-fs/nfs-utils has an explicit dependency on
>>> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on
>>> app-crypt/heimdal (for reasons noted in bug 195703, comment 25).
>>>
>>> Questions:
>>>
>>> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3
>>> and kerberos demands that things with explicit dependencies on mit-krb5
>>> either be fixed or not used at all.
>>>
>>> I'm the first activity on bug 231936 in two years...could someone please
>>> look into that one?
>>>
>>> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them
>>> through a virtual? My suspicion is "no", but I don't know enough about
>>> kerberos to say whether or not it would work, even as a hack.
>>>
>>> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to
>>> crop up, so (and forgive the nausea this might cause) it might help to
>>> slot mit and heimdal, and have virtual/krb5 depend on the presence of at
>>> least one.
>>>
>> so, read the thread so far, and I think you are over-complicating things
>> with slotting. I use kerberos at home (more or less just to learn it,
>> worksforme, etc). I chose MIT. From what I understand MIT and heimdal
>> are mutually exclusive (can not operate with eachother) and that heimdal
>> is what windows uses.
>
> This is incorrect, or at least, was incorrect last time I looked
> (circa...uhh..2009?)
well, that was right around the time I installed it, so guess that makes
sense.
>
> They work 'ok' together. Heimdal clients could talk to MIT servers at
> least. Of course, there were quirks, and incompatible command line
> syntax, hence my fierce recommendation to 'not do that.'
>
>>
>> What this seems to be is a simple case of blockers. So, the quesiton
>> is, are you going to be using kerberos in nfs? if not, masking the flag
>> may be what works for you (in the short term at least). Longer term it
>> sounds like maybe seperate use flags are in order (or something, dunno).
>
> Do not use Kerberized NFSv3. I'm unsure if nfsv4 is any better :/
>
> -A
>
>>
>> I don't think samba will support MIT, since it's kinda windows focused.
>>
>> On another note, I can't find bug 231936.
>>
>> --
>> -- Matthew Thode (prometheanfire)
>>
>
--
-- Matthew Thode (prometheanfire)
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] kerberos, virtuals, rattling cages
2013-02-25 7:43 ` Alec Warner
2013-02-25 7:53 ` Matthew Thode
@ 2013-02-25 8:02 ` Eray Aslan
2013-02-25 11:03 ` [gentoo-dev] " Duncan
1 sibling, 1 reply; 18+ messages in thread
From: Eray Aslan @ 2013-02-25 8:02 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 891 bytes --]
On Sun, Feb 24, 2013 at 11:43:06PM -0800, Alec Warner wrote:
> This is incorrect, or at least, was incorrect last time I looked
> (circa...uhh..2009?)
>
> They work 'ok' together. Heimdal clients could talk to MIT servers at
> least.
and vice-versa.
> Of course, there were quirks, and incompatible command line
> syntax, hence my fierce recommendation to 'not do that.'
Yes.
> > I don't think samba will support MIT, since it's kinda windows focused.
Ugh, no. MIT is not windows focused (although it does ship a windows
client for better integration with *nix kdcs). Apple uses heimdal in
recent macos'es and employs some main developers of heimdal and samba
(hence samba - heimdal tight integration). There was some work from red
hat to make samba4 work with mit-krb5 but it stalled and did not go
anywhere (yet?) afaik.
--
Eray Aslan <eras@gentoo.org>
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* [gentoo-dev] Re: kerberos, virtuals, rattling cages
2013-02-25 8:02 ` Eray Aslan
@ 2013-02-25 11:03 ` Duncan
2013-02-25 14:33 ` Alan McKinnon
2013-02-25 21:35 ` Michael Mol
0 siblings, 2 replies; 18+ messages in thread
From: Duncan @ 2013-02-25 11:03 UTC (permalink / raw
To: gentoo-dev
Eray Aslan posted on Mon, 25 Feb 2013 10:02:49 +0200 as excerpted:
>> > I don't think samba will support MIT, since it's kinda windows
>> > focused.
>
> Ugh, no. MIT is not windows focused
... But samba is...
As far as the thread in general goes, the question arises, if you're
running both samba and nfs, why? They're both network-based-filesystems
that in theory at least should have reasonably similar functionality, so
an admittedly not particularly clueful reaction is "if it hurts when you
do that, stop doing it".
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] Re: kerberos, virtuals, rattling cages
2013-02-25 11:03 ` [gentoo-dev] " Duncan
@ 2013-02-25 14:33 ` Alan McKinnon
2013-02-25 14:53 ` Rich Freeman
2013-02-25 21:35 ` Michael Mol
1 sibling, 1 reply; 18+ messages in thread
From: Alan McKinnon @ 2013-02-25 14:33 UTC (permalink / raw
To: gentoo-dev
On 25/02/2013 13:03, Duncan wrote:
> Eray Aslan posted on Mon, 25 Feb 2013 10:02:49 +0200 as excerpted:
>
>>>> I don't think samba will support MIT, since it's kinda windows
>>>> focused.
>>
>> Ugh, no. MIT is not windows focused
>
> ... But samba is...
>
>
> As far as the thread in general goes, the question arises, if you're
> running both samba and nfs, why? They're both network-based-filesystems
> that in theory at least should have reasonably similar functionality, so
> an admittedly not particularly clueful reaction is "if it hurts when you
> do that, stop doing it".
>
Two words:
mixed environment
In corporate networks it is very common to share the same backend over
both smb/cifs and nfs.
Windows clients can't easily deal with anything other than cifs.
Linux client invariably whinge at length about how the performance of
samba sucks.
Solution: run both protocols, everyone wins.
It only goes south when AD/Kerberos enters the mix.
--
Alan McKinnon
alan.mckinnon@gmail.com
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] Re: kerberos, virtuals, rattling cages
2013-02-25 14:33 ` Alan McKinnon
@ 2013-02-25 14:53 ` Rich Freeman
0 siblings, 0 replies; 18+ messages in thread
From: Rich Freeman @ 2013-02-25 14:53 UTC (permalink / raw
To: gentoo-dev
On Mon, Feb 25, 2013 at 9:33 AM, Alan McKinnon <alan.mckinnon@gmail.com> wrote:
> Linux client invariably whinge at length about how the performance of
> samba sucks.
I suspect there is more at issue than just performance.
I run both samba and nfs (though without kerberos), and have the
windows issues you mentioned, and I doubt that you can use samba as a
root filesystem (that sounds painful at the very least), which is one
of the things I use it for. NFS is just a lot cleaner for linux
clients.
Rich
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] kerberos, virtuals, rattling cages
2013-02-25 7:21 ` Matthew Thode
2013-02-25 7:43 ` Alec Warner
@ 2013-02-25 17:48 ` Michael Mol
2013-02-25 23:59 ` Michael Mol
1 sibling, 1 reply; 18+ messages in thread
From: Michael Mol @ 2013-02-25 17:48 UTC (permalink / raw
To: gentoo-dev
On Mon, Feb 25, 2013 at 2:21 AM, Matthew Thode
<prometheanfire@gentoo.org> wrote:
> On 02/24/13 20:25, Michael Mol wrote:
>> (I really don't have time to actively participate on this list right
>> now, but I believe that if I bring it up on b.g.o, I'll be directed
>> here, so...)
>>
>> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to
>> enable kerberos system-wide on my server.
>>
>> No joy, as net-fs/nfs-utils has an explicit dependency on
>> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on
>> app-crypt/heimdal (for reasons noted in bug 195703, comment 25).
>>
>> Questions:
>>
>> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3
>> and kerberos demands that things with explicit dependencies on mit-krb5
>> either be fixed or not used at all.
>>
>> I'm the first activity on bug 231936 in two years...could someone please
>> look into that one?
>>
>> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them
>> through a virtual? My suspicion is "no", but I don't know enough about
>> kerberos to say whether or not it would work, even as a hack.
>>
>> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to
>> crop up, so (and forgive the nausea this might cause) it might help to
>> slot mit and heimdal, and have virtual/krb5 depend on the presence of at
>> least one.
>>
> so, read the thread so far, and I think you are over-complicating things
> with slotting. I use kerberos at home (more or less just to learn it,
> worksforme, etc). I chose MIT. From what I understand MIT and heimdal
> are mutually exclusive (can not operate with eachother) and that heimdal
> is what windows uses.
I think they're effectively the same on the wire, but I'm not sure.
I'm studying the issue.
>
> What this seems to be is a simple case of blockers. So, the quesiton
> is, are you going to be using kerberos in nfs? if not, masking the flag
> may be what works for you (in the short term at least). Longer term it
> sounds like maybe seperate use flags are in order (or something, dunno).
It's the longer-term thing is what I'm interested in solving...and
smoothness of kerberos in Gentoo in general. SSO for a family network
would be very, very nice.
>
> I don't think samba will support MIT, since it's kinda windows focused.
>
> On another note, I can't find bug 231936.
Typo. Or dyslexia. Who know...
https://bugs.gentoo.org/show_bug.cgi?id=231396
--
:wq
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] Re: kerberos, virtuals, rattling cages
2013-02-25 11:03 ` [gentoo-dev] " Duncan
2013-02-25 14:33 ` Alan McKinnon
@ 2013-02-25 21:35 ` Michael Mol
1 sibling, 0 replies; 18+ messages in thread
From: Michael Mol @ 2013-02-25 21:35 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1575 bytes --]
On 02/25/2013 06:03 AM, Duncan wrote:
> Eray Aslan posted on Mon, 25 Feb 2013 10:02:49 +0200 as excerpted:
>
>>>> I don't think samba will support MIT, since it's kinda windows
>>>> focused.
>>
>> Ugh, no. MIT is not windows focused
>
> ... But samba is...
Actually, no. That's why I've been so excited about Samba 4, and why I'm
setting it up at home. AD is actually a very powerful network
administration tool, and it's not necessary to think of it as a "Windows
thing". Think of it more like a sane replacement of NIS, tying in NTP
and DNS management as well.
>
>
> As far as the thread in general goes, the question arises, if you're
> running both samba and nfs, why? They're both network-based-filesystems
> that in theory at least should have reasonably similar functionality, so
> an admittedly not particularly clueful reaction is "if it hurts when you
> do that, stop doing it".
It's incredibly rare to see a uniform enterprise network. Every one I've
witnessed is heterogenous. The reasons usually come in a mix of these
flavors:
1) There's no policy for homogeneity.
2) Department A does it one way, department B does it another way, and
both departments are largely autonomous.
3) There needs to be integration between system A and system B, and
neither of those systems can reasonably be expected to change from their
current state.
4) Someone mandated a "solution" that only supports X and Y, and it's
not worth the resources and risk of revamping the entire rest of the
network to meet that spec natively.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 555 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] kerberos, virtuals, rattling cages
2013-02-25 17:48 ` [gentoo-dev] " Michael Mol
@ 2013-02-25 23:59 ` Michael Mol
0 siblings, 0 replies; 18+ messages in thread
From: Michael Mol @ 2013-02-25 23:59 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 2827 bytes --]
On 02/25/2013 12:48 PM, Michael Mol wrote:
> On Mon, Feb 25, 2013 at 2:21 AM, Matthew Thode
> <prometheanfire@gentoo.org> wrote:
>> On 02/24/13 20:25, Michael Mol wrote:
>>> (I really don't have time to actively participate on this list right
>>> now, but I believe that if I bring it up on b.g.o, I'll be directed
>>> here, so...)
>>>
>>> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to
>>> enable kerberos system-wide on my server.
>>>
>>> No joy, as net-fs/nfs-utils has an explicit dependency on
>>> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on
>>> app-crypt/heimdal (for reasons noted in bug 195703, comment 25).
>>>
>>> Questions:
>>>
>>> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3
>>> and kerberos demands that things with explicit dependencies on mit-krb5
>>> either be fixed or not used at all.
>>>
>>> I'm the first activity on bug 231936 in two years...could someone please
>>> look into that one?
>>>
>>> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them
>>> through a virtual? My suspicion is "no", but I don't know enough about
>>> kerberos to say whether or not it would work, even as a hack.
>>>
>>> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to
>>> crop up, so (and forgive the nausea this might cause) it might help to
>>> slot mit and heimdal, and have virtual/krb5 depend on the presence of at
>>> least one.
>>>
>> so, read the thread so far, and I think you are over-complicating things
>> with slotting. I use kerberos at home (more or less just to learn it,
>> worksforme, etc). I chose MIT. From what I understand MIT and heimdal
>> are mutually exclusive (can not operate with eachother) and that heimdal
>> is what windows uses.
>
> I think they're effectively the same on the wire, but I'm not sure.
> I'm studying the issue.
For the record: On my system, the only two changes I had to make to
enable kerberos (largely) system-wide were:
1) mask net-fs/nfs-utils (it was only being brought in by the kerberos
flag, anyway)
2) mask dev-libs/openssl[kerberos]. See
https://bugs.gentoo.org/show_bug.cgi?id=459220
Both of those had explicit dependencies on app-crypt/mit-krb5. After
that, everything built fine for app-crypt/heimdal. (No idea how well it
works; I've still got a ways to go to prove/disprove any of that.)
My purpose in originating this thread isn't (and hasn't been) all about
getting AD operating correctly and pervasively. My purpose is in getting
the package dependencies for kerberos sanified and cleaned up. If that
means there are upstream issues, I can prod them, too, I suppose.
(I do still wonder what all breaks if assumption is "allow mit-krb5 to
be installed, rather than heimdal".)
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 555 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2013-02-25 23:59 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-02-25 2:25 [gentoo-dev] kerberos, virtuals, rattling cages Michael Mol
2013-02-25 2:48 ` Alec Warner
2013-02-25 3:17 ` Michael Mol
2013-02-25 3:40 ` [gentoo-dev] " Duncan
2013-02-25 3:54 ` Michael Mol
2013-02-25 3:46 ` [gentoo-dev] " Alec Warner
2013-02-25 4:03 ` Michael Mol
2013-02-25 7:21 ` Matthew Thode
2013-02-25 7:43 ` Alec Warner
2013-02-25 7:53 ` Matthew Thode
2013-02-25 8:02 ` Eray Aslan
2013-02-25 11:03 ` [gentoo-dev] " Duncan
2013-02-25 14:33 ` Alan McKinnon
2013-02-25 14:53 ` Rich Freeman
2013-02-25 21:35 ` Michael Mol
2013-02-25 17:48 ` [gentoo-dev] " Michael Mol
2013-02-25 23:59 ` Michael Mol
2013-02-25 7:22 ` Eray Aslan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox