On Tue, 9 Apr 2019, Andrew Bartlett wrote:
> For builds with the (recommended) internal Heimdal Kerberos we do not
> require GnuTLS 3.4 because we have a fallback implementation against a
> the Heimdal crypto API.
Confirmed. This is what my (and most other) rhel7/centos7 builds are
using it seems.
[root at dc02 bin]# /usr/sbin/smbd -b|grep -i heim
SAMBA4_USES_HEIMDAL
(that's the right way to check, correct?)
> The 'requirement' probably came via the Fedora build which uses MIT
> Kerberos. No production builds should use MIT Kerberos for the AD DC
> as this remains an experimental configuration.
Interesting.. so RHEL8 might in fact be a different story.
> Finally, we do try and pick this kind of thing up at configure time.
> If a Samba build completes but it doesn't function at runtime then we
> consider that a bug. (With the proviso that we don't currently have a
> way to detect and fail on missing python packages).
Well, thank you for leaving those 'options' in place so people like me
(us) can use your great samba work on el7/centos7 derivatives. your
efforts and help are very much apreciated (speaking in my own name here).
> I hope this clarifies things,
Yes, thank you.
Vincent