Samba as a gateway to OpenAFS

Steve Langasek vorlon at netexpress.net
Thu May 23 12:47:07 GMT 2002


On Thu, May 23, 2002 at 11:17:41AM +0200, Toens Bueker wrote:

> in order to make an easy migration from SMB-based fileservers to an
> OpenAFS-filesystem (in order to support various branch offices), I'd like to
> setup Samba as a gateway to OpenAFS.

> For unknown reasons documentation on this topic is a little thin. Furthermore
> the AFS-patches for Samba seem to be a little out of date (they don't even
> mention OpenAFS).

> I'm sure, that there are several people, who have accomplished to build such a
> gateway.

The primary reason why existing AFS+Samba stuff is so out-of-date is
that AFS security is quite incompatible with the password hashes used
when 'encrypted passwords = yes' is enabled, as must be the case for
Samba to work with all stock Windows clients since about 1997.

This leaves people wanting to implement Samba AFS gateways with three
choices:

- Create a gateway that only works with public, anonymous AFS resources.

- Create a gateway that allows authenticated access to the wonderful
  world of secure AFS, but does so by sending plaintext passwords across
  the network from the Windows client to the Samba server.

- (New option) Do a whole lot of work to integrate AFS with a Kerberos
  realm that uses the same type of encryption as NT, à la Active
  Directory.

Apparently, the AFS community hasn't been keen enough on any of these
options for anyone to be motivated to implement an open solution.

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20020523/5031fdea/attachment.bin


More information about the samba-technical mailing list