heimdal kerberos experts?
Andrew Tridgell
tridge at samba.org
Wed Oct 17 02:41:04 GMT 2001
Jocke,
> I've done som work to integrate heimdal auth into samba, but teher are
> som smaller problems still existing with the afs tokenhandling and I'm
> out of time for now but I will try to reapply my patches to 2.2.2 and
> clean up the code.
Don't bother with kerberos in 2.2.2. The kerberos support in Samba
2.2.x is limited to taking a plaintext password from the wire and
checking that with a KDC. That is completely different to the kerberos
support in the Samba head branch (which will become Samba 3.0). In the
head branch I have added proper kerberos support, where windows 2000
and XP clients send us a kerberos ticket embedded in the SMB protocol
and we validate that, thus giving single sign-on and integration with
active directory.
I committed the NTLMSSP support in smbd earlier today, and expect to
be committing kerberos/spnego support in smbd tonight or
tomorrow. Along with the client side kerberos and NTLMSSP support that
gives us a good start on active directory authentication.
Cheers, Tridge
More information about the samba-technical
mailing list