Samba as a gateway to OpenAFS
Steve Langasek
vorlon at netexpress.net
Thu May 23 12:47:07 GMT 2002
On Thu, May 23, 2002 at 11:17:41AM +0200, Toens Bueker wrote:
> in order to make an easy migration from SMB-based fileservers to an
> OpenAFS-filesystem (in order to support various branch offices), I'd like to
> setup Samba as a gateway to OpenAFS.
> For unknown reasons documentation on this topic is a little thin. Furthermore
> the AFS-patches for Samba seem to be a little out of date (they don't even
> mention OpenAFS).
> I'm sure, that there are several people, who have accomplished to build such a
> gateway.
The primary reason why existing AFS+Samba stuff is so out-of-date is
that AFS security is quite incompatible with the password hashes used
when 'encrypted passwords = yes' is enabled, as must be the case for
Samba to work with all stock Windows clients since about 1997.
This leaves people wanting to implement Samba AFS gateways with three
choices:
- Create a gateway that only works with public, anonymous AFS resources.
- Create a gateway that allows authenticated access to the wonderful
world of secure AFS, but does so by sending plaintext passwords across
the network from the Windows client to the Samba server.
- (New option) Do a whole lot of work to integrate AFS with a Kerberos
realm that uses the same type of encryption as NT, à la Active
Directory.
Apparently, the AFS community hasn't been keen enough on any of these
options for anyone to be motivated to implement an open solution.
Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20020523/5031fdea/attachment.bin
More information about the samba-technical
mailing list