RFC: Kerberos client support

Mayers, Philip J p.mayers at ic.ac.uk
Wed Oct 25 09:34:48 GMT 2000


I'm guessing something like:

A configure option "--with-smb-gssapi". This would then make Samba return
the "Extended security negotiation" bit in the smbnegprot response. We then
need to process the "opaque" blobs that the client passes... I'm hoping
they're just GSSAPI exchanges, in which case it might be fairly trivial. We
then take the username, and continue as before.

I suspect it won't be anywhere near that easy. In particular, SMB signing
and DCE/RPC security are likely to be extremely awkward...

On a related note - the CVS server is *damn* slow. I've tried to pull down
HEAD three times and had it fail. Any thoughts?

Regards,
Phil

+----------------------------------+
| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |
+----------------------------------+  

-----Original Message-----
From: Simo Sorce [mailto:simo.sorce at polimi.it]
Sent: 25 October 2000 11:16
To: Mayers, Philip J; samba-technical at samba.org
Subject: Re: RFC: Kerberos client support

As this may imply a partial or total rewrite of the passdb I'm
interested,
have you any ideas on how to insert this thing in samba?

-- 
Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at polimi.it
Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451
-----------------------------------------------------------------
Be happy, use Linux!




More information about the samba-technical mailing list