Samba as a gateway to OpenAFS

Daniel Clark/Cambridge/IBM daniel_clark at us.ibm.com
Sun Aug 4 16:39:02 GMT 2002 



I've put together a page on the OpenAFS Wiki - http://grand.central.
org/twiki/bin/view/AFSLore/SMBtoAFS - listing all of the Samba as an AFS
gateway projects I could find. Authors of the systems may want to look at
and edit the page to make sure I'm not inadvertently misrepresenting their
systems.

I also have two questions for Steve Holstead:

On Fri, May 24, 2002 at 10:44:54AM -0600, Steve Holstead wrote:

> Unfotunately, we have the need to offer AFS space to our users via SAMBA.
> In doing so, we have had to introduce a number of patches to accomplish
> this task. The methodology was discussed at the LISA 2000 conference re:
> http://www.usenix.org/events/lisa2000/full_papers/beck/beck_html/index.
html

> The introduction of the fokstraut DB allowed us to store the plaintext
> password along with the HASH forms.

> I would like to say that since that time, I have introduced an additional
> module to re-authenticate those users who insist on not logging out. This
> module will ensure that their token sticks around.

> It is my intention to rid myself of the fokstraut DB by establishing a
> "trust" between the AFS server and my samba server such that I can get a
> token without having to send a clear text password. This will allow me to
> migrate all fokstraut DB records to the SAMBA password tdb.

> I am also working on a routine that ties into our password management
> functions (ie our krb5, krb4, and AFSkrb). This will enable the creation
> of a passwd tdb record which stays in sync with all the other passwd
> records.

> To re-phrase, I am trying to:

> 1. Get rid of AFS's need for plaintext passwords.
> 2. Establish a "registration" mechanism for new samba users and those
that
>    change their passwords.
> 3. Turn on encrypted password support.

> The patches that will give you AFS support with plaintext turned on can
be
> found at www.ualberta.ca/~sholstea

What version of Samba are these patches against?

> The routines that will allow me to turn on encrypted pasword support for
> AFS users are still under developement.

More information about the samba-technical mailing list