Status of Kerberos Support across Samba versions

Jeremy Allison jeremy at
Mon Apr 10 21:22:01 GMT 2000

Chris Young wrote:

> If Samba support Kerberos, does this mean that it actually support Kerberos
> TICKETS or does it just merely take the encrypted (or, most likely _plain
> text_) password and pass it on the the KDC for a yes or no?

Currently smbd takes the plaintext and passes it onto the KDC for a yes/no.

> If this IS the case, then what is the difference in this approach vs. using
> Kerberos PAM modules and configuring Samba to use PAM for authentication?

Just the API used. Not all UNIXs have PAM.

> Am I totally nuts and have this whole thing confused?  I'm just trying to
> understand what the keberos compile option get you.  Also, I read discussions
> regarding PAM support in Samba and I don't quite get how Samba utilizes this
> for authentication.  I would GREATLY appreciate someone in the know posting a
> good explanation of Samba/Kerberos integration and the basics of how it works.

You already have the correct idea. The real kerberos ticket
support (ie. using the tickets granted from a Win2k KDC) is
targeted for 3.0. We need to do more work on analysing the
packet format (Luke knows more about this) before implementing


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list