Status of Kerberos Support across Samba versions
Jeremy Allison
jeremy at valinux.com
Mon Apr 10 21:22:01 GMT 2000
Chris Young wrote:
> If Samba support Kerberos, does this mean that it actually support Kerberos
> TICKETS or does it just merely take the encrypted (or, most likely _plain
> text_) password and pass it on the the KDC for a yes or no?
Currently smbd takes the plaintext and passes it onto the KDC for a yes/no.
> If this IS the case, then what is the difference in this approach vs. using
> Kerberos PAM modules and configuring Samba to use PAM for authentication?
Just the API used. Not all UNIXs have PAM.
> Am I totally nuts and have this whole thing confused? I'm just trying to
> understand what the keberos compile option get you. Also, I read discussions
> regarding PAM support in Samba and I don't quite get how Samba utilizes this
> for authentication. I would GREATLY appreciate someone in the know posting a
> good explanation of Samba/Kerberos integration and the basics of how it works.
You already have the correct idea. The real kerberos ticket
support (ie. using the tickets granted from a Win2k KDC) is
targeted for 3.0. We need to do more work on analysing the
packet format (Luke knows more about this) before implementing
this.
Jeremy.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-technical
mailing list