[Mageia-dev] new samba-squid subpackage proporsal

Buchan Milne bgmilne at staff.telkomsa.net
Wed Aug 10 11:57:40 CEST 2011 

On Friday, 5 August 2011 19:05:43 Luis Daniel Lucio Quiroz wrote:

> That's what i was asking
> to create a new subpckage  samba-helper-squid to stor ntlm_auth since
> ntlm_auth is not linked with other lib it can stand by itself in a
> independend subpackage to make a suggest from squid.

??

For a working solution, you need:
-ntlm_auth (currently in samba-common)
-winbindd (currently in samba-winbind)
-net (to join the domain, currently in samba-common)
-/etc/samba/smb.conf (currently in samba-common)

Please compare the output of 'ldd /usr/bin/ntlm_auth /usr/sbin/winbindd 
/usr/bin/net' and 'rpm -qR samba-common samba-winbind'. You will notice that 
there are really no unnecessary dependencies:

Let me do it for you:

$ rpm -qR samba-common samba-winbind|awk -F '(' '/^lib/ {print $1}'|sort -u > 
/tmp/samba-common-libs
$ ldd /usr/bin/net /usr/bin/ntlm_auth /usr/sbin/winbindd | awk '/lib/ {print 
$1}'|sort -u > /tmp/ntlm_auth_libs
$ diff -u /tmp/samba-common-libs /tmp/ntlm_auth_libs 
--- /tmp/samba-common-libs      2011-08-10 11:41:43.000000000 +0200
+++ /tmp/ntlm_auth_libs 2011-08-10 11:41:45.000000000 +0200
@@ -1,18 +1,24 @@
+/lib64/ld-linux-x86-64.so.2
 libcap.so.2
 libcom_err.so.2
+libcrypto.so.1.0.0
 libc.so.6
 libdl.so.2
 libgssapi_krb5.so.2
 libk5crypto.so.3
 libkrb5.so.3
+libkrb5support.so.0
 liblber-2.4.so.2
 libldap-2.4.so.2
+libncurses.so.5
 libnsl.so.1
-libpam.so.0
 libpopt.so.0
+libpthread.so.0
 libreadline.so.6
 libresolv.so.2
 librt.so.1
+libsasl2.so.2
+libssl.so.1.0.0
 libtalloc.so.2
 libtdb.so.1
 libwbclient.so.0


(All we find is that we could theoretically have ntlm_auth and winbindd 
without libpam, but, well, you can't easily have a system without it anyway 
...)

Feel free to make squid suggest samba-winbind, but there is very little 
benefit to splitting ntlm_auth out of samba-common. To use it for SSO against 
AD, you will need /usr/bin/net to join the domain, and you will need an 
smb.conf file. Both of these are in samba-common. Then you will probably need 
samba-winbind for winbindd. About the only things we can do to have *any* 
impact at all on the footprint of squid+ntlm_auth would be to:

1)move rpcclient, smbcacls, smbcquotas and smbtree out of samba-common (e.g. 
RH has these in samba-client, but these tools are more useful on servers than 
e.g. smbspool, so I would prefer it to be a package that doesn't require 
pulling in all the contents of samba-client)
2)split winbindd/ntlm_auth/nss_winbind/pam_winbind (RH has winbindd and 
nltm_auth in samba-winbind, and nss_winbind and pam_winbind in samba-winbind-
clients). But, nss_winbind and pam_winbind together are under 100kB, and 
winbindd is 7.8MB, so again there is little benefit.

Nothing else makes any sense.

But, since ntlm_auth is commonly used in at least 3 different scenarios with 3 
different packages *in the distribution*, making a *squid-specific* package is 
just ridiculous.

I am open to useful, logical proposals, see above. However, there are some 
issues (e.g. pam_winbind and nss_winbind aren't really that useful 
individually, they are typically used together, hence RH shipping them 
together in samba-winbind-clients), so please discuss the issues in advance, 
after having at least having familiarised yourself with *all* the tools in 
question.

Regards,
Buchan

More information about the Mageia-dev mailing list