RFC: Kerberos client support

Nicolas Williams Nicolas.Williams at ubsw.com
Mon Oct 23 19:19:30 GMT 2000


On Oct 23 2000, gcarter wrote:
> "Mayers, Philip J" wrote:
> > 
> > Ok,
> > 
> > I've said several times that I'm going to look at 
> > implementing Kerberos client support in Samba, and now 
> > it's gotten to the point where it would be seriously useful 
> > to me. So, I'm going to start down a (probably long and
> > painful) road of research & development...
> > 
> > Before I start, is anyone else working on this, does anyone 
> > else want to cooperate, and if anyone has done 
> > any investigative work (and come up with "Too hard, we need X 
> > and Y and Z before that") then please let me know. The
> > mailing list would seem an appropriate place to discuss this?
> > 
> > What I'm talking about: Allowing Samba as a file-server to 
> > accept Kerberos/GSSAPI authentication from incoming client
> > connections, by accepting and supplying "extended security" 
> > in the SMB NegProt. This has nothing to do with PDC 
> > functionality, in the large-scale, although having
> > this infrastructure in place will probably be necessary 
> > for Native-mode Win2K support.
> 
> Phil,  What clients will be sending this information?

Dunno about Phil, but I'm guessing Windows 2000 clients :)

> Cheers, jerry


And it would be nice if smbclient/smbsh/smbfs supported the use of
GSS-API as well so they could be used in a native W2K environment.

Think of this as a requirement if you wish to deal with native W2K and
ActiveDirectory. GSS-API everywhere.

Nico
--




More information about the samba-technical mailing list