heimdal kerberos experts?
Sean Elble
S_Elble at yahoo.com
Wed Oct 17 17:33:02 GMT 2001
This may get slightly off-topic, but what exactly is implemented in head
right now, and what isn't? Of what is implemented, what is tested, and what
isn't? From what I've read, it sounds as though quite a bit has been done;
the major work areas that I see remaining are BDC support, replication, and
Windows 2000 AD support; would this be an accurate description of the
reality? If there is anything I can do to help test stuff out, please let me
know . . . willing to try out head on my home server in return for the
additional features 3.0 will give me. :-) Thanks, in advance.
--------------------------------------------
Sean P. Elble
Editor, Writer, Co-Webmaster
MaximumLinux.org
http://www.maximumlinux.org/
elbles at maximumlinux.org
--------------------------------------------
----- Original Message -----
From: "Andrew Tridgell" <tridge at samba.org>
To: <fallsjo at isk.kth.se>
Cc: <samba-technical at samba.org>
Sent: Wednesday, October 17, 2001 5:40 AM
Subject: Re: heimdal kerberos experts?
> Jocke,
>
> > I've done som work to integrate heimdal auth into samba, but teher are
> > som smaller problems still existing with the afs tokenhandling and I'm
> > out of time for now but I will try to reapply my patches to 2.2.2 and
> > clean up the code.
>
> Don't bother with kerberos in 2.2.2. The kerberos support in Samba
> 2.2.x is limited to taking a plaintext password from the wire and
> checking that with a KDC. That is completely different to the kerberos
> support in the Samba head branch (which will become Samba 3.0). In the
> head branch I have added proper kerberos support, where windows 2000
> and XP clients send us a kerberos ticket embedded in the SMB protocol
> and we validate that, thus giving single sign-on and integration with
> active directory.
>
> I committed the NTLMSSP support in smbd earlier today, and expect to
> be committing kerberos/spnego support in smbd tonight or
> tomorrow. Along with the client side kerberos and NTLMSSP support that
> gives us a good start on active directory authentication.
>
> Cheers, Tridge
More information about the samba-technical
mailing list