Kerberos authentication...

Kirk Bauer kirk at kaybee.org
Sun Oct 26 22:59:34 GMT 1997 

I previosly sent this to samba-bugs, but this is probably a much
more appropriate place...

We are trying to use Samba on a central server here at Georgia Tech to
allow printing to 50 printers scattered throughout residence halls all
over campus.  Over 6,000 residents would use this service.  We have a
WINS server that will allow them to access the print server, and all
they have to do is select the proper printer and mount it.

I know how to set samba up correctly.  We are also going to put a
shell script between Samba and lpr that will use Samba's "%u" variable
to find out who is printing and bill accordingly...

The only problem w/ this is that we would have to have an account
on the machine for all 6K+ residents.  This is not possible.  We need
to do authentication with the campus-wide Kerberos4 server instead.

We are running Red Hat Linux 4.2 on the server, so I am also looking
into the PAM approach.  If we can get PAM to use the Kerberos server
instead of /etc/passwd (for Samba auth requests at least), then it
would work great.  This is the most elegant solution, but I have
had little luck, and the PAM people are less than helpful.

So, do you guys know anybody who is using Kerberos4 authentication
under Samba?  Do you know a way to get Samba to directly use
Kerberos? 

I can provide source to a program that will take a user name and password
and check w/ the Kerberos server and return 0 or 1 accordingly.  This is
C source code, so you could possibly look into using it inside Samba...

I am thinking about hacking Samba myself and replacing the normal 
authentication process w/ the Kerberos authentication function.  I would
first like to know if:

   1)  There is a better way to add Kerberos besides hacking Samba code.
   2)  you have any tips for me if I attempt to hack the code myself...
   3)  one of you could hack the code real quick for me ;)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Kirk Bauer -- Georgia Tech -- kirk at kaybee.org <== Finger for PGP
   http://www.kaybee.org/~kirk/html        ResNet RTA

More information about the samba mailing list