From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 2CFDE198005 for ; Mon, 25 Feb 2013 17:48:43 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4C495E0675; Mon, 25 Feb 2013 17:48:40 +0000 (UTC) Received: from mail-oa0-f47.google.com (mail-oa0-f47.google.com [209.85.219.47]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6339CE065A for ; Mon, 25 Feb 2013 17:48:39 +0000 (UTC) Received: by mail-oa0-f47.google.com with SMTP id o17so3266882oag.6 for ; Mon, 25 Feb 2013 09:48:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type; bh=26Rb2WlTXrnHEYMg22qQr7MeXxkQ8McO6wCU/gqoulA=; b=GUHey86oQos7BNCjgw2+PZ9RC+QGKu7VPiCCd0LCRconxcv3YPVrVgrYl5tu/XLDSo DoMazMkqNivsVY6LnyN/KxZqQi47dmdsXe5sqXNDtlHiBnaOZq5dCRqZyAElpbM68pW6 9XLlWwEyK8ZABJCzwLMvSGgjEGc5CwMlLaKkO7CsZOOldCRWVvE9kG6kjJ+JwV6Yt/9u HNvrGuYEqhbBNXtgQzC/vqN8JBiX+/zHMUxm54WQoNzr6N+f4V1YZZ4RUyhnDH5zPfJF VVNWgIB0A12jdGpuN7tqikBUfTFLjYdLjdFnVXgcGKz6wYbIEZXMW/FJ9daRLFCWUcby sgkA== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 X-Received: by 10.60.6.133 with SMTP id b5mr8381453oea.81.1361814518085; Mon, 25 Feb 2013 09:48:38 -0800 (PST) Received: by 10.76.130.100 with HTTP; Mon, 25 Feb 2013 09:48:37 -0800 (PST) In-Reply-To: <512B10E5.5080408@gentoo.org> References: <512ACBA1.7090209@gmail.com> <512B10E5.5080408@gentoo.org> Date: Mon, 25 Feb 2013 12:48:37 -0500 Message-ID: Subject: Re: [gentoo-dev] kerberos, virtuals, rattling cages From: Michael Mol To: gentoo-dev@lists.gentoo.org Content-Type: text/plain; charset=UTF-8 X-Archives-Salt: a09a2280-6d57-46e2-bcde-6d6d982a90fb X-Archives-Hash: a9e2db670466016f59cee11a861d6004 On Mon, Feb 25, 2013 at 2:21 AM, Matthew Thode wrote: > On 02/24/13 20:25, Michael Mol wrote: >> (I really don't have time to actively participate on this list right >> now, but I believe that if I bring it up on b.g.o, I'll be directed >> here, so...) >> >> So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to >> enable kerberos system-wide on my server. >> >> No joy, as net-fs/nfs-utils has an explicit dependency on >> app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on >> app-crypt/heimdal (for reasons noted in bug 195703, comment 25). >> >> Questions: >> >> 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3 >> and kerberos demands that things with explicit dependencies on mit-krb5 >> either be fixed or not used at all. >> >> I'm the first activity on bug 231936 in two years...could someone please >> look into that one? >> >> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them >> through a virtual? My suspicion is "no", but I don't know enough about >> kerberos to say whether or not it would work, even as a hack. >> >> I'm sure explicit dependencies on mit-krb5 and heimdal will continue to >> crop up, so (and forgive the nausea this might cause) it might help to >> slot mit and heimdal, and have virtual/krb5 depend on the presence of at >> least one. >> > so, read the thread so far, and I think you are over-complicating things > with slotting. I use kerberos at home (more or less just to learn it, > worksforme, etc). I chose MIT. From what I understand MIT and heimdal > are mutually exclusive (can not operate with eachother) and that heimdal > is what windows uses. I think they're effectively the same on the wire, but I'm not sure. I'm studying the issue. > > What this seems to be is a simple case of blockers. So, the quesiton > is, are you going to be using kerberos in nfs? if not, masking the flag > may be what works for you (in the short term at least). Longer term it > sounds like maybe seperate use flags are in order (or something, dunno). It's the longer-term thing is what I'm interested in solving...and smoothness of kerberos in Gentoo in general. SSO for a family network would be very, very nice. > > I don't think samba will support MIT, since it's kinda windows focused. > > On another note, I can't find bug 231936. Typo. Or dyslexia. Who know... https://bugs.gentoo.org/show_bug.cgi?id=231396 -- :wq