From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E6002198005 for ; Mon, 25 Feb 2013 02:49:01 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9B1B4E04CB; Mon, 25 Feb 2013 02:48:43 +0000 (UTC) Received: from mail-ve0-f176.google.com (mail-ve0-f176.google.com [209.85.128.176]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A7263E039A for ; Mon, 25 Feb 2013 02:48:42 +0000 (UTC) Received: by mail-ve0-f176.google.com with SMTP id cz10so1828821veb.7 for ; Sun, 24 Feb 2013 18:48:41 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:sender:x-originating-ip:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to :content-type:x-gm-message-state; bh=uLOwquwFrLi2z0OKusOsCGytIE0xiw2ClZ4VxfBq1yA=; b=VsQifgoVq/dch2zsBe1v5cLjgma9bbCdmS7fTVWnJrHZn2cUGt7SaR0+sWrJnqcryJ 71ezr/UYJa1YJyeeNBEr7G0vt8GmEI02iQzbawQHv4Ndtslb9SCieABeqTuV3XjYdJYY D1ahnhudIBbh0PZrOTCV020LovZTacqFfuCTdOXdtq6mdqWueq6kyAaHekV1ed6K9GWo 8/w8F1DcZGlMYJFAAirEb+Qe0LRpfC1d2OruUC3+f13SfG857Yqx1+Qa2lFeBwU/8svO KrCuTWNmKrW1r6q8jhS0/dbwFRtXAyWMXtov6DlXSIYgAY7HtJeYUqYXVNmFl+r1AEQF I1tQ== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 X-Received: by 10.220.224.77 with SMTP id in13mr325950vcb.12.1361760521764; Sun, 24 Feb 2013 18:48:41 -0800 (PST) Sender: antarus@scriptkitty.com Received: by 10.220.124.2 with HTTP; Sun, 24 Feb 2013 18:48:41 -0800 (PST) X-Originating-IP: [208.54.39.241] In-Reply-To: <512ACBA1.7090209@gmail.com> References: <512ACBA1.7090209@gmail.com> Date: Sun, 24 Feb 2013 18:48:41 -0800 X-Google-Sender-Auth: mU2RiIQU56rpNpiywkRm9I6T_w8 Message-ID: Subject: Re: [gentoo-dev] kerberos, virtuals, rattling cages From: Alec Warner To: gentoo-dev@lists.gentoo.org Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQmgZCIF7ObJ/4f6IUJx7mj9CNiwU/oR7mmLge9kio/M/NGqF9xSHkii4LE+hljV8faKGzh/ X-Archives-Salt: 9d7080fc-3a73-493d-a50e-fd86afcef6a3 X-Archives-Hash: 567a7958fbe7e0f56b5cfee4674a9573 On Sun, Feb 24, 2013 at 6:25 PM, Michael Mol wrote: > (I really don't have time to actively participate on this list right > now, but I believe that if I bring it up on b.g.o, I'll be directed > here, so...) > > So I'm playing with net-fs/samba-4.0.3, AD and kerberos, and tried to > enable kerberos system-wide on my server. > > No joy, as net-fs/nfs-utils has an explicit dependency on > app-crypt/mit-krb5 (bug 231936) and net-fs/samba-4.0.3 depends on > app-crypt/heimdal (for reasons noted in bug 195703, comment 25). I'm not familiar with anyone using Kerberos on Gentoo. I use it on Ubuntu; but we do not use it with Samba (or at least, if we do, I am not aware of it.) > > Questions: > > 1) If upstream isn't going to support mit-krb5, then use of samba-4.0.3 > and kerberos demands that things with explicit dependencies on mit-krb5 > either be fixed or not used at all. I'm fairly sure samba supports either kerberos implementation; is there something that makes you think differently? > > I'm the first activity on bug 231936 in two years...could someone please > look into that one? > > 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them > through a virtual? My suspicion is "no", but I don't know enough about > kerberos to say whether or not it would work, even as a hack. > I'm not following you here. 'slot' means a very specific thing. You are not actually suggesting we use SLOT, you simply want both versions of the library to be installed in one ROOT? I would not advocate this approach. You should strive to have only one kerberos implementation on a given machine. > I'm sure explicit dependencies on mit-krb5 and heimdal will continue to > crop up, so (and forgive the nausea this might cause) it might help to > slot mit and heimdal, and have virtual/krb5 depend on the presence of at > least one. > It is likely that explicit dependencies are wrong, and are just bugs. -A