AFS with Samba PDC
Johan Hedin
johanh at fusion.kth.se
Thu Sep 16 12:32:47 GMT 1999
We resently upgraded from NFS to AFS at our site. We have used Kerberos 4
(KTH-KRB) for a while now. For the Win95 clients, it's not a problem. Its
relatively easy to patch the clear text password Kerberos 4 support in
Samba to include AFS support as well. If no one done this, I will try to
get time to test and submit a patch doing this. However, to make the Samba
PDC AFS aware it's much more tricky. Has anyone done this? If not I have
two suggestion
1. Store the users Kerberos passwords as srvtabs on the local disk of the
Samba PDC, and then obtain a ticket after the NT password validation is
done.
2. Run the Samba PDC with an common AFS ticket on the local Samba machine,
turn off wide links and tell the intereseted users to set the ACL such
that Samba can read and write on their directories. In this scheme
users must be prevented from mounting each other's volumes in their
homes.
Comments?
The second issue is with the ticket lifetime. After the ticket has
expired, Samba should die forcing the NT machine to open a new connection
with a new ticket. This is not a problem for NT choosing the first scheme
above, but will be for the clear text password version.
Comments?
Johan Hedin
/---------------------------------------------------------------------\
| Johan Hedin | johanh at fusion.kth.se |
| Ph.D. Student and System Manager | http://www.fusion.kth.se/~johanh |
\---------------------------------------------------------------------/
More information about the samba-ntdom
mailing list