Samba as a gateway to OpenAFS
abartlet at pcug.org.au
Wed May 29 06:36:54 GMT 2002
> Andrew Bartlett <abartlet at pcug.org.au> writes:
> > > > > > 1. Get rid of AFS's need for plaintext passwords.
> > > Ah, of course credential forwarding/proxying would be a requirement for
> > > making this work without giving the gateway special privileges; I'd
> > > completely overlooked that. I'm afraid I don't know the answer, though.
> > > Perhaps someone currently doing Samba 3.0 work has run into this and can
> > > say?
> > I see no reason why this would not be possible. We would need to do a
> > little bit of work on the smbd side of things, but credential forwarding
> > is pretty standard. This assumes either a AD domain, or Samba modified
> > to correctlly function with krb5 but without AD (which also implies
> > windows clients joined to such a domain).
> So, so how do you tell the client to forward creds to the fileserver, and
> can you chose want creds you want to forward ?
This assumes krb5, where this is all quite standard.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical