diff options
author | Janne Heß <janne@hess.ooo> | 2020-04-16 12:04:22 +0200 |
---|---|---|
committer | Janne Heß <janne@hess.ooo> | 2020-04-16 12:18:08 +0200 |
commit | a3bfbbf8a0d0d7109741ae55069a1f7df2c65147 (patch) | |
tree | 4230e183ad5cf0e835767af953f8e6c80fb441f9 /pkgs/servers/samba | |
parent | 342eaba9ebbc68923c1028a56be1c94e74862832 (diff) | |
download | nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.gz nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.bz2 nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.lz nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.xz nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.zst nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.zip |
samba: Switch back to builtin Heimdal Kerberos
When not building with the experimental (!!) system MIT Kerberos, Samba will use the builtin Heimdal Kerberos. For this reason, enableKerberos = true will still include a krb5 implementation, built right into Samba. There is no benefit in using MIT krb5, however it has some downsides like not being able to assign computer GPOs [1]. The ArchWiki [2] also mentions this in their installation section. [1]: https://lists.samba.org/archive/samba/2018-July/216779.html [2]: https://wiki.archlinux.org/index.php/Samba/Active_Directory_domain_controller
Diffstat (limited to 'pkgs/servers/samba')
-rw-r--r-- | pkgs/servers/samba/4.x.nix | 12 |
1 files changed, 3 insertions, 9 deletions
diff --git a/pkgs/servers/samba/4.x.nix b/pkgs/servers/samba/4.x.nix index 1d6951bb8c1..af2c2554502 100644 --- a/pkgs/servers/samba/4.x.nix +++ b/pkgs/servers/samba/4.x.nix @@ -30,7 +30,6 @@ , enableProfiling ? true , enableMDNS ? false, avahi , enableDomainController ? false, gpgme, lmdb -, enableKerberos ? true, krb5Full , enableRegedit ? true, ncurses , enableCephFS ? false, libceph , enableGlusterFS ? false, glusterfs, libuuid @@ -91,7 +90,6 @@ stdenv.mkDerivation rec { ++ optional (enablePrinting && stdenv.isLinux) cups ++ optional enableMDNS avahi ++ optionals enableDomainController [ gpgme lmdb ] - ++ optional enableKerberos krb5Full ++ optional enableRegedit ncurses ++ optional (enableCephFS && stdenv.isLinux) libceph ++ optionals (enableGlusterFS && stdenv.isLinux) [ glusterfs libuuid ] @@ -115,13 +113,9 @@ stdenv.mkDerivation rec { "--sysconfdir=/etc" "--localstatedir=/var" "--disable-rpath" - ] ++ singleton (if enableDomainController - then "--with-experimental-mit-ad-dc" - else "--without-ad-dc") - ++ optionals enableKerberos [ - "--with-system-mitkrb5" - "--with-system-mitkdc=${krb5Full}" - ] ++ optionals (!enableLDAP) [ + ] ++ optional (!enableDomainController) + "--without-ad-dc" + ++ optionals (!enableLDAP) [ "--without-ldap" "--without-ads" ] ++ optional enableProfiling "--with-profiling-data" |