Samba as a gateway to OpenAFS
daniel_clark at us.ibm.com
Sun Aug 4 16:39:02 GMT 2002
I've put together a page on the OpenAFS Wiki - http://grand.central.
org/twiki/bin/view/AFSLore/SMBtoAFS - listing all of the Samba as an AFS
gateway projects I could find. Authors of the systems may want to look at
and edit the page to make sure I'm not inadvertently misrepresenting their
I also have two questions for Steve Holstead:
On Fri, May 24, 2002 at 10:44:54AM -0600, Steve Holstead wrote:
> Unfotunately, we have the need to offer AFS space to our users via SAMBA.
> In doing so, we have had to introduce a number of patches to accomplish
> this task. The methodology was discussed at the LISA 2000 conference re:
> The introduction of the fokstraut DB allowed us to store the plaintext
> password along with the HASH forms.
> I would like to say that since that time, I have introduced an additional
> module to re-authenticate those users who insist on not logging out. This
> module will ensure that their token sticks around.
> It is my intention to rid myself of the fokstraut DB by establishing a
> "trust" between the AFS server and my samba server such that I can get a
> token without having to send a clear text password. This will allow me to
> migrate all fokstraut DB records to the SAMBA password tdb.
> I am also working on a routine that ties into our password management
> functions (ie our krb5, krb4, and AFSkrb). This will enable the creation
> of a passwd tdb record which stays in sync with all the other passwd
> To re-phrase, I am trying to:
> 1. Get rid of AFS's need for plaintext passwords.
> 2. Establish a "registration" mechanism for new samba users and those
> change their passwords.
> 3. Turn on encrypted password support.
> The patches that will give you AFS support with plaintext turned on can
> found at www.ualberta.ca/~sholstea
What version of Samba are these patches against?
> The routines that will allow me to turn on encrypted pasword support for
> AFS users are still under developement.
More information about the samba-technical