RFC: Kerberos client support
Nicolas.Williams at ubsw.com
Mon Oct 23 19:19:30 GMT 2000
On Oct 23 2000, gcarter wrote:
> "Mayers, Philip J" wrote:
> > Ok,
> > I've said several times that I'm going to look at
> > implementing Kerberos client support in Samba, and now
> > it's gotten to the point where it would be seriously useful
> > to me. So, I'm going to start down a (probably long and
> > painful) road of research & development...
> > Before I start, is anyone else working on this, does anyone
> > else want to cooperate, and if anyone has done
> > any investigative work (and come up with "Too hard, we need X
> > and Y and Z before that") then please let me know. The
> > mailing list would seem an appropriate place to discuss this?
> > What I'm talking about: Allowing Samba as a file-server to
> > accept Kerberos/GSSAPI authentication from incoming client
> > connections, by accepting and supplying "extended security"
> > in the SMB NegProt. This has nothing to do with PDC
> > functionality, in the large-scale, although having
> > this infrastructure in place will probably be necessary
> > for Native-mode Win2K support.
> Phil, What clients will be sending this information?
Dunno about Phil, but I'm guessing Windows 2000 clients :)
> Cheers, jerry
And it would be nice if smbclient/smbsh/smbfs supported the use of
GSS-API as well so they could be used in a native W2K environment.
Think of this as a requirement if you wish to deal with native W2K and
ActiveDirectory. GSS-API everywhere.
More information about the samba-technical