Samba and Kerberos

Steve Langasek vorlon at
Thu Jan 2 23:51:00 GMT 2003

Hi Kenneth,

On Thu, Jan 02, 2003 at 03:38:47PM -0600, Kenneth Stephen wrote:

> 	I am trying to understand the state of Samba using Kerberos
> authentication. I see from a search on the web that ADS support is now
> available in Samba, and presumably this uses an encrypted password
> communicated over the network rather than the behaviour that was
> previously available via the --with-krb5 flag. If so, would it not be a
> matter of implementation (as opposed to it being technically infeasible)
> to make sure that --with-krb5 now works with encrypted passwords? Can
> someone clue me in as to this please?

ADS-style Kerberos support only works when both client and server are
Kerberos-aware, so such Kerberos "encrypted passwords" support would be
limited to Win2K and WinXP clients.  This is a question of technical
feasibility, not of implementation.

It appears that the --with-krb5 option is currently used in connection
with exactly this feature, and that the previous plaintext Kerberos
support has been dropped in 3.0.

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list