Kerberos authentication...
Kirk Bauer
kirk at kaybee.org
Sun Oct 26 22:59:34 GMT 1997
I previosly sent this to samba-bugs, but this is probably a much
more appropriate place...
We are trying to use Samba on a central server here at Georgia Tech to
allow printing to 50 printers scattered throughout residence halls all
over campus. Over 6,000 residents would use this service. We have a
WINS server that will allow them to access the print server, and all
they have to do is select the proper printer and mount it.
I know how to set samba up correctly. We are also going to put a
shell script between Samba and lpr that will use Samba's "%u" variable
to find out who is printing and bill accordingly...
The only problem w/ this is that we would have to have an account
on the machine for all 6K+ residents. This is not possible. We need
to do authentication with the campus-wide Kerberos4 server instead.
We are running Red Hat Linux 4.2 on the server, so I am also looking
into the PAM approach. If we can get PAM to use the Kerberos server
instead of /etc/passwd (for Samba auth requests at least), then it
would work great. This is the most elegant solution, but I have
had little luck, and the PAM people are less than helpful.
So, do you guys know anybody who is using Kerberos4 authentication
under Samba? Do you know a way to get Samba to directly use
Kerberos?
I can provide source to a program that will take a user name and password
and check w/ the Kerberos server and return 0 or 1 accordingly. This is
C source code, so you could possibly look into using it inside Samba...
I am thinking about hacking Samba myself and replacing the normal
authentication process w/ the Kerberos authentication function. I would
first like to know if:
1) There is a better way to add Kerberos besides hacking Samba code.
2) you have any tips for me if I attempt to hack the code myself...
3) one of you could hack the code real quick for me ;)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Kirk Bauer -- Georgia Tech -- kirk at kaybee.org <== Finger for PGP
http://www.kaybee.org/~kirk/html ResNet RTA
More information about the samba
mailing list