[Mageia-dev] new samba-squid subpackage proporsal

Wed Aug 10 11:57:40 CEST 2011

On Friday, 5 August 2011 19:05:43 Luis Daniel Lucio Quiroz wrote:
+
+> That's what i was asking
+> to create a new subpckage  samba-helper-squid to stor ntlm_auth since
+> ntlm_auth is not linked with other lib it can stand by itself in a
+> independend subpackage to make a suggest from squid.
+
+??
+
+For a working solution, you need:
+-ntlm_auth (currently in samba-common)
+-winbindd (currently in samba-winbind)
+-net (to join the domain, currently in samba-common)
+-/etc/samba/smb.conf (currently in samba-common)
+
+Please compare the output of 'ldd /usr/bin/ntlm_auth /usr/sbin/winbindd 
+/usr/bin/net' and 'rpm -qR samba-common samba-winbind'. You will notice that 
+there are really no unnecessary dependencies:
+
+Let me do it for you:
+
+$ rpm -qR samba-common samba-winbind|awk -F '(' '/^lib/ {print $1}'|sort -u > 
+/tmp/samba-common-libs
+$ ldd /usr/bin/net /usr/bin/ntlm_auth /usr/sbin/winbindd | awk '/lib/ {print 
+$1}'|sort -u > /tmp/ntlm_auth_libs
+$ diff -u /tmp/samba-common-libs /tmp/ntlm_auth_libs 
+--- /tmp/samba-common-libs      2011-08-10 11:41:43.000000000 +0200
++++ /tmp/ntlm_auth_libs 2011-08-10 11:41:45.000000000 +0200
+@@ -1,18 +1,24 @@
++/lib64/ld-linux-x86-64.so.2
+ libcap.so.2
+ libcom_err.so.2
++libcrypto.so.1.0.0
+ libc.so.6
+ libdl.so.2
+ libgssapi_krb5.so.2
+ libk5crypto.so.3
+ libkrb5.so.3
++libkrb5support.so.0
+ liblber-2.4.so.2
+ libldap-2.4.so.2
++libncurses.so.5
+ libnsl.so.1
+-libpam.so.0
+ libpopt.so.0
++libpthread.so.0
+ libreadline.so.6
+ libresolv.so.2
+ librt.so.1
++libsasl2.so.2
++libssl.so.1.0.0
+ libtalloc.so.2
+ libtdb.so.1
+ libwbclient.so.0
+
+
+(All we find is that we could theoretically have ntlm_auth and winbindd 
+without libpam, but, well, you can't easily have a system without it anyway 
+...)
+
+Feel free to make squid suggest samba-winbind, but there is very little 
+benefit to splitting ntlm_auth out of samba-common. To use it for SSO against 
+AD, you will need /usr/bin/net to join the domain, and you will need an 
+smb.conf file. Both of these are in samba-common. Then you will probably need 
+samba-winbind for winbindd. About the only things we can do to have *any* 
+impact at all on the footprint of squid+ntlm_auth would be to:
+
+1)move rpcclient, smbcacls, smbcquotas and smbtree out of samba-common (e.g. 
+RH has these in samba-client, but these tools are more useful on servers than 
+e.g. smbspool, so I would prefer it to be a package that doesn't require 
+pulling in all the contents of samba-client)
+2)split winbindd/ntlm_auth/nss_winbind/pam_winbind (RH has winbindd and 
+nltm_auth in samba-winbind, and nss_winbind and pam_winbind in samba-winbind-
+clients). But, nss_winbind and pam_winbind together are under 100kB, and 
+winbindd is 7.8MB, so again there is little benefit.
+
+Nothing else makes any sense.
+
+But, since ntlm_auth is commonly used in at least 3 different scenarios with 3 
+different packages *in the distribution*, making a *squid-specific* package is 
+just ridiculous.
+
+I am open to useful, logical proposals, see above. However, there are some 
+issues (e.g. pam_winbind and nss_winbind aren't really that useful 
+individually, they are typically used together, hence RH shipping them 
+together in samba-winbind-clients), so please discuss the issues in advance, 
+after having at least having familiarised yourself with *all* the tools in 
+question.
+
+Regards,
+Buchan
+