Web lists-archives.com

Re: [Samba] Samba 4.8.10 for rhel7/centos7 rpms

On Mon, 2019-04-08 at 11:12 -0400, Vincent S. Cojot via samba wrote:
> Adding Alexander (cc'ed, thank you)
> Hi Sergio,
> I found some hints (dating back almost a year ago) about why gnutls-3.4 
> might be needed:
> https://lists.samba.org/archive/samba-technical/2018-April/127282.html
> I don't know how much of this still holds true (I've been running an AD DC 
> with rhel7's gnutls 3.3.z for over a year without apparent issues).

For builds with the (recommended) internal Heimdal Kerberos we do not
require GnuTLS 3.4 because we have a fallback implementation against a
the Heimdal crypto API.

The 'requirement' probably came via the Fedora build which uses MIT
Kerberos.  No production builds should use MIT Kerberos for the AD DC
as this remains an experimental configuration.

Finally, we do try and pick this kind of thing up at configure time. 
If a Samba build completes but it doesn't function at runtime then we
consider that a bug.  (With the proviso that we don't currently have a
way to detect and fail on missing python packages). 

I hope this clarifies things,

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba