On Mon, Mar 08, 2010 at 11:08:28AM -0500, Peter Shoults wrote:
> On 03/08/10 10:48, Jens Elkner wrote:
Hi Peter,
...
> >just started planning our NIS+ migration to kbr5+LDAP. Reading
> >OpenSolaris-Security-Services (819-3321.pdf) it mentions that the
> >last change happend in b102 and that SXDE is based on MIT 1.4.
> >
> >Looking at libkrb5(3LIB) on b129 however looks like MIT's 1.7 updates
> >like PAC/SPNEGO aka MS compat stuff have been already merged (cool!!!).
> >
> >So is it possible to update the "System Administration Guide:
> >Security Services" wrt. to "What's new"?
> >
> >2nd) Are there any plans to backport it to S10 - can we expect S10u9 to
> >have the MIT 1.7 changes included as well?
...
> Pretty sure Kathy is on this alias, but in case not I copied her.  She 
> can address the issue about doc changes.

Sounds good :)
  
> Regarding backporting to S10 - I handle that and we will not be doing a 
> full re-sync of functionality from 1.7 into S10, but I do take bits and 
> pieces of various fixes and backport those to S10.  These are typically 
> driven by customer escalations requesting specific functionality.
> 
> Hope that answers your question.

Yes - thanx a lot. We decided to prototype on SXCE b129 - when
everything works as we think it should, we know for sure, what's really
missing and will open appropriate cases with support.

Basic idea is, since we don't have an ADS yet and also no intention to
introduce a dependency to it, to perhaps modify samba4 a little bit, so
that we can use it as an ADS, which is  backed by/slave  of the real Solaris
KDC+LDAP. The file sharing stuff should than be handled by ZFS's CIFS.
That's why the PAC/SPNEGO question ...

So a lot to do and probably needs 3+3 month to get ready for prod...

Anyway, thanx a lot for your quick answer!!!,
jel.
-- 
Otto-von-Guericke University     http://www.cs.uni-magdeburg.de/
Department of Computer Science   Geb. 29 R 027, Universitaetsplatz 2
39106 Magdeburg, Germany         Tel: +49 391 67 12768

Reply via email to