Crazy ideas about Kerberos, NTLM and PACs... (was NTLMSSP...)

Luke Howard lukeh at PADL.COM
Mon Nov 19 00:33:02 GMT 2001

>>In the event we get to creating the PAC, I think this should be done via
>>a simple call-back, the kerberos server should use a similar protocol to
>>obtain a PAC from *any* PAC providing service, not just Samba.  The idea

I guess my implicit point is that, once you go down the road of trying
to emulate Active Directory, you are so tied into their information
model that (let alone client protocol dependencies) implementing it
_without_ an LDAP server is essentially impossible.

Thus, suitable abstraction notwithstanding, it makes sense for the
KDC, LSA, and SAM servers to talk to the LDAP server directly.

-- Luke

Luke Howard |
PADL Software |

More information about the samba-technical mailing list