3
0
Fork 0
forked from mirrors/nixpkgs

samba: Switch back to builtin Heimdal Kerberos

When not building with the experimental (!!) system MIT Kerberos, Samba
will use the builtin Heimdal Kerberos. For this reason, enableKerberos =
true will still include a krb5 implementation, built right into Samba.

There is no benefit in using MIT krb5, however it has some downsides
like not being able to assign computer GPOs [1].

The ArchWiki [2] also mentions this in their installation section.

[1]: https://lists.samba.org/archive/samba/2018-July/216779.html
[2]: https://wiki.archlinux.org/index.php/Samba/Active_Directory_domain_controller
This commit is contained in:
Janne Heß 2020-04-16 12:04:22 +02:00
parent 342eaba9eb
commit a3bfbbf8a0
No known key found for this signature in database
GPG key ID: 69165158F05265DF

View file

@ -30,7 +30,6 @@
, enableProfiling ? true
, enableMDNS ? false, avahi
, enableDomainController ? false, gpgme, lmdb
, enableKerberos ? true, krb5Full
, enableRegedit ? true, ncurses
, enableCephFS ? false, libceph
, enableGlusterFS ? false, glusterfs, libuuid
@ -91,7 +90,6 @@ stdenv.mkDerivation rec {
++ optional (enablePrinting && stdenv.isLinux) cups
++ optional enableMDNS avahi
++ optionals enableDomainController [ gpgme lmdb ]
++ optional enableKerberos krb5Full
++ optional enableRegedit ncurses
++ optional (enableCephFS && stdenv.isLinux) libceph
++ optionals (enableGlusterFS && stdenv.isLinux) [ glusterfs libuuid ]
@ -115,13 +113,9 @@ stdenv.mkDerivation rec {
"--sysconfdir=/etc"
"--localstatedir=/var"
"--disable-rpath"
] ++ singleton (if enableDomainController
then "--with-experimental-mit-ad-dc"
else "--without-ad-dc")
++ optionals enableKerberos [
"--with-system-mitkrb5"
"--with-system-mitkdc=${krb5Full}"
] ++ optionals (!enableLDAP) [
] ++ optional (!enableDomainController)
"--without-ad-dc"
++ optionals (!enableLDAP) [
"--without-ldap"
"--without-ads"
] ++ optional enableProfiling "--with-profiling-data"