CVS update: samba/source

Andrew Bartlett abartlet at
Sun Nov 11 13:53:01 GMT 2001

"Gerald (Jerry) Carter" wrote:
> On Sun, 11 Nov 2001 abartlet at wrote:
> > This code is vunerable to a spoofed KDC, and is best replaced by
> > --with-pam and the pam_krb5 module.  This module includes measures to
> > prevent such spoofing.
> We'll see if anyone yells.  Please announce this on Samba at
> This does mean that non-PAM servers will not be able to authenticate
> non-Win2k clients against a Kerberos KDC, right?

Correct.  The code isn't hard to add back in, but I'll ask anybody who
does that to rework it to do a service ticket check, and to fit it in
with the new auth subsystem a little better.

I'll ping samba at

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Samba Team member, Build Farm maintainer        abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list