On Mon, Mar 08, 2010 at 11:08:28AM -0500, Peter Shoults wrote: > On 03/08/10 10:48, Jens Elkner wrote: Hi Peter, ... > >just started planning our NIS+ migration to kbr5+LDAP. Reading > >OpenSolaris-Security-Services (819-3321.pdf) it mentions that the > >last change happend in b102 and that SXDE is based on MIT 1.4. > > > >Looking at libkrb5(3LIB) on b129 however looks like MIT's 1.7 updates > >like PAC/SPNEGO aka MS compat stuff have been already merged (cool!!!). > > > >So is it possible to update the "System Administration Guide: > >Security Services" wrt. to "What's new"? > > > >2nd) Are there any plans to backport it to S10 - can we expect S10u9 to > >have the MIT 1.7 changes included as well? ... > Pretty sure Kathy is on this alias, but in case not I copied her. She > can address the issue about doc changes.
Sounds good :) > Regarding backporting to S10 - I handle that and we will not be doing a > full re-sync of functionality from 1.7 into S10, but I do take bits and > pieces of various fixes and backport those to S10. These are typically > driven by customer escalations requesting specific functionality. > > Hope that answers your question. Yes - thanx a lot. We decided to prototype on SXCE b129 - when everything works as we think it should, we know for sure, what's really missing and will open appropriate cases with support. Basic idea is, since we don't have an ADS yet and also no intention to introduce a dependency to it, to perhaps modify samba4 a little bit, so that we can use it as an ADS, which is backed by/slave of the real Solaris KDC+LDAP. The file sharing stuff should than be handled by ZFS's CIFS. That's why the PAC/SPNEGO question ... So a lot to do and probably needs 3+3 month to get ready for prod... Anyway, thanx a lot for your quick answer!!!, jel. -- Otto-von-Guericke University http://www.cs.uni-magdeburg.de/ Department of Computer Science Geb. 29 R 027, Universitaetsplatz 2 39106 Magdeburg, Germany Tel: +49 391 67 12768
