samba + w2k + kerberos + trusted realm

Steve Langasek vorlon at
Fri Feb 28 20:09:32 GMT 2003

On Fri, Feb 28, 2003 at 05:26:56AM +0100, Love wrote:

> - Using a keytab file would solve the problem below. Using /etc/krb5.keytab
> is bad idea, how about a own keytab for samba ? Doing hoops of strace stuff
> seems, well, strange.

Why is using /etc/krb5.keytab a bad idea?  The only reason I've ever seen
for using separate keytabs is if you want different services to run in
separate security contexts.  Samba has to run as root, so
/etc/krb5.keytab seems appropriate to me (as much as any keytab is
appropriate -- there seem to still be some issues with using the keytab
at all).

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list