Difference between revisions of "Projects/Samba4 Port"
From K5Wiki
< Projects
(New page: {{project-early}} == Introduction == Samba4 aims to provide a complete OSS replacement for Active Directory. Samba4, like earlier versions of Samba, uses Heimdal Kerberos. The Samba4 Port ...) |
(→Introduction) |
||
| Line 4: | Line 4: | ||
Samba4, like earlier versions of Samba, uses Heimdal Kerberos. |
Samba4, like earlier versions of Samba, uses Heimdal Kerberos. |
||
The Samba4 Port project proposes to enable Samba4 to use MIT kerberos |
The Samba4 Port project proposes to enable Samba4 to use MIT kerberos |
||
| − | instead. |
||
| + | instead. The near-term goal is that mixed krb5+AD deployments could |
||
| ⚫ | |||
| + | use Samba4 to provide better interoperation between AD realms and krb5 |
||
| + | realms. |
||
| + | |||
| ⚫ | |||
shown some interest in this Samba4 Port project. |
shown some interest in this Samba4 Port project. |
||
| + | |||
| + | == To do list == |
||
| + | |||
| + | === Replace the MIT KDC's LDAP driver === |
||
| + | <ol> |
||
| + | <li> Our LDAP driver for the KDB needs to know how to do |
||
| + | Samba4's intricate canonicalization of server names, |
||
| + | user-names, and realm names. </li> |
||
| + | <li> AD-style aliases for HOST/ service names. </li> |
||
| + | <li> Implicit names for Win2k accounts. </li> |
||
| + | <li> Principal "types": client / server / krbtgs |
||
| + | <li> Most or all of this code is in 3 samba4 source files, |
||
| + | ~1000 lines in all. </li> |
||
| + | </ol> |
||
| + | |||
| + | ---- |
||
| + | |||
| + | === |
||
| + | |||
| + | === Maybe: Improve or replace MIT's DAL === |
||
| + | |||
| + | === Maybe not: Add a KDC-as-library API === |
||
Revision as of 09:19, 14 July 2009
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.
Contents
Introduction
Samba4 aims to provide a complete OSS replacement for Active Directory. Samba4, like earlier versions of Samba, uses Heimdal Kerberos. The Samba4 Port project proposes to enable Samba4 to use MIT kerberos instead. The near-term goal is that mixed krb5+AD deployments could use Samba4 to provide better interoperation between AD realms and krb5 realms.
The Samba4 team, the MIT Krb Consortium, RedHat, Ubuntu, and Sun all have shown some interest in this Samba4 Port project.
To do list
Replace the MIT KDC's LDAP driver
- Our LDAP driver for the KDB needs to know how to do Samba4's intricate canonicalization of server names, user-names, and realm names.
- AD-style aliases for HOST/ service names.
- Implicit names for Win2k accounts.
- Principal "types": client / server / krbtgs
- Most or all of this code is in 3 samba4 source files, ~1000 lines in all.
