Samba as a gateway to OpenAFS
Andrew Bartlett
abartlet at pcug.org.au
Wed May 29 06:36:54 GMT 2002
Love wrote:
>
> Andrew Bartlett <abartlet at pcug.org.au> writes:
>
> > > > > > 1. Get rid of AFS's need for plaintext passwords.
> [....]
> > > Ah, of course credential forwarding/proxying would be a requirement for
> > > making this work without giving the gateway special privileges; I'd
> > > completely overlooked that. I'm afraid I don't know the answer, though.
> > > Perhaps someone currently doing Samba 3.0 work has run into this and can
> > > say?
> >
> > I see no reason why this would not be possible. We would need to do a
> > little bit of work on the smbd side of things, but credential forwarding
> > is pretty standard. This assumes either a AD domain, or Samba modified
> > to correctlly function with krb5 but without AD (which also implies
> > windows clients joined to such a domain).
>
> So, so how do you tell the client to forward creds to the fileserver, and
> can you chose want creds you want to forward ?
This assumes krb5, where this is all quite standard.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list