Whose kerb and LDAP? [Was: Re: Samba as BDC in windows domain?]

Steve Langasek vorlon at netexpress.net
Wed Jun 12 11:17:03 GMT 2002

On Wed, Jun 12, 2002 at 10:25:42AM +0100, David Lee wrote:
> But the Windows/PC folk were worried (and I think I share this) about the
> ability of AD to interwork (be implemented by?) third party LDAP/Kerberos.
> In *theory*, AD is supposed to be compliant with LDAP and Kerberos, isn't
> it?  But we had nagging doubts about the Microsoft *reality* of this, and
> were very concerned that we could end up spending vast amounts of time,
> energy and worry, including user frustration etc., chasing the "well it
> depends what you mean by compliant" grey areas.  (Yes, we've been sucked into
> the pragmatic realities of selling our soul to Seattle.)

As far as that's concerned, Microsoft does implement Kerberos
authentication and cross-realm trust relationships in a manner
compatible with the RFCs and interoperable with pre-existing KRB5
implementations.  It's only the manner in which AD member servers
acquire group membership information about users that has presented a
snag for Unix interop.

> Am I digressing from Samba here?  At first sight, yes.  But we'll need
> Samba to interoperate with this

Inasmuch as I consider samba-technical a forum for discussion of
cutting-edge Windows-Unix integration issues, it doesn't seem offtopic
to me. :)

Steve Langasek
postmodern programmer
