samba: Switch back to builtin Heimdal Kerberos

When not building with the experimental (!!) system MIT Kerberos, Samba will use the builtin Heimdal Kerberos. For this reason, enableKerberos = true will still include a krb5 implementation, built right into Samba. There is no benefit in using MIT krb5, however it has some downsides like not being able to assign computer GPOs [1]. The ArchWiki [2] also mentions this in their installation section. [1]: https://lists.samba.org/archive/samba/2018-July/216779.html [2]: https://wiki.archlinux.org/index.php/Samba/Active_Directory_domain_controller
author: Janne Heß <janne@hess.ooo> 2020-04-16 12:04:22 +0200
committer: Janne Heß <janne@hess.ooo> 2020-04-16 12:18:08 +0200
commit: a3bfbbf8a0d0d7109741ae55069a1f7df2c65147 (patch)
tree: 4230e183ad5cf0e835767af953f8e6c80fb441f9 /pkgs/servers/samba
parent: 342eaba9ebbc68923c1028a56be1c94e74862832 (diff)
download: nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar
nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.gz
nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.bz2
nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.lz
nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.xz
nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.zst
nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.zip
1 files changed, 3 insertions, 9 deletions
diff --git a/pkgs/servers/samba/4.x.nix b/pkgs/servers/samba/4.x.nix
index 1d6951bb8c1..af2c2554502 100644
--- a/pkgs/servers/samba/4.x.nix
+++ b/pkgs/servers/samba/4.x.nix
@@ -30,7 +30,6 @@
 , enableProfiling ? true
 , enableMDNS ? false, avahi
 , enableDomainController ? false, gpgme, lmdb
-, enableKerberos ? true, krb5Full
 , enableRegedit ? true, ncurses
 , enableCephFS ? false, libceph
 , enableGlusterFS ? false, glusterfs, libuuid
@@ -91,7 +90,6 @@ stdenv.mkDerivation rec {
     ++ optional (enablePrinting && stdenv.isLinux) cups
     ++ optional enableMDNS avahi
     ++ optionals enableDomainController [ gpgme lmdb ]
-    ++ optional enableKerberos krb5Full
     ++ optional enableRegedit ncurses
     ++ optional (enableCephFS && stdenv.isLinux) libceph
     ++ optionals (enableGlusterFS && stdenv.isLinux) [ glusterfs libuuid ]
@@ -115,13 +113,9 @@ stdenv.mkDerivation rec {
     "--sysconfdir=/etc"
     "--localstatedir=/var"
     "--disable-rpath"
-  ] ++ singleton (if enableDomainController
-         then "--with-experimental-mit-ad-dc"
-         else "--without-ad-dc")
-    ++ optionals enableKerberos [
-    "--with-system-mitkrb5"
-    "--with-system-mitkdc=${krb5Full}"
-  ] ++ optionals (!enableLDAP) [
+  ] ++ optional (!enableDomainController)
+    "--without-ad-dc"
+  ++ optionals (!enableLDAP) [
     "--without-ldap"
     "--without-ads"
   ] ++ optional enableProfiling "--with-profiling-data"
author	Janne Heß <janne@hess.ooo>	2020-04-16 12:04:22 +0200
committer	Janne Heß <janne@hess.ooo>	2020-04-16 12:18:08 +0200
commit	a3bfbbf8a0d0d7109741ae55069a1f7df2c65147 (patch)
tree	4230e183ad5cf0e835767af953f8e6c80fb441f9 /pkgs/servers/samba
parent	342eaba9ebbc68923c1028a56be1c94e74862832 (diff)
download	nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.gz nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.bz2 nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.lz nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.xz nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.tar.zst nixpkgs-a3bfbbf8a0d0d7109741ae55069a1f7df2c65147.zip