Samba as a gateway to OpenAFS

Andrew Bartlett abartlet at
Wed May 29 14:28:04 GMT 2002

Love wrote:
> Andrew Bartlett <abartlet at> writes:
> > > > I see no reason why this would not be possible.  We would need to do a
> > > > little bit of work on the smbd side of things, but credential forwarding
> > > > is pretty standard.  This assumes either a AD domain, or Samba modified
> > > > to correctlly function with krb5 but without AD (which also implies
> > > > windows clients joined to such a domain).
> > >
> > > So, so how do you tell the client to forward creds to the fileserver, and
> > > can you chose want creds you want to forward ?
> >
> > This assumes krb5, where this is all quite standard.
> Sure, but the question is if there any provision make for this within
> SMB/CIFS ? Doing it out of band make it quite a lot harder, since the all
> (smb) clients need to have a program that forward their creds to the
> server.

MS added krb5 to CIFS.  It is one of the major pillers of 'Active
Directory'.  Samba 3.0 has support for kerberos authenticated clients.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list