kerberos, nt and samba

[Seth Vidal]

I work at duke university and there are many folks who are trying to sort
out how to solve a perplexing situation.

1. We have a kerberos realm for the entire campus. Depts can use that with
their own local authentication mechanism to auth users and provide
services for them. Its Krb5 not 4.

2. We have nt machines that we would like authenticate via kerberos then
have them be able to mount drives on samba servers.

3. We do not want to have plaintext passwords enabled b/c its obvious
suboptimal for security. Additionally we might want to have an Samba-based
PDC and NT gets unhappy about talking to a PDC if plaintext is enabled.

Obviously samba can deal with the LMhash coming from the NT machines but
it can't then auth against krb5 w/o cracking the hash first.

Any ideas?
New Nt ginas?
looking for ways around this problem.

thanks
-sv