Samba and Kerberos
Andrew Bartlett
abartlet at samba.org
Fri Jan 3 00:12:01 GMT 2003
On Fri, 2003-01-03 at 10:50, Steve Langasek wrote:
> Hi Kenneth,
>
> On Thu, Jan 02, 2003 at 03:38:47PM -0600, Kenneth Stephen wrote:
>
> > I am trying to understand the state of Samba using Kerberos
> > authentication. I see from a search on the web that ADS support is now
> > available in Samba, and presumably this uses an encrypted password
> > communicated over the network rather than the behaviour that was
> > previously available via the --with-krb5 flag. If so, would it not be a
> > matter of implementation (as opposed to it being technically infeasible)
> > to make sure that --with-krb5 now works with encrypted passwords? Can
> > someone clue me in as to this please?
>
> ADS-style Kerberos support only works when both client and server are
> Kerberos-aware, so such Kerberos "encrypted passwords" support would be
> limited to Win2K and WinXP clients. This is a question of technical
> feasibility, not of implementation.
>
> It appears that the --with-krb5 option is currently used in connection
> with exactly this feature, and that the previous plaintext Kerberos
> support has been dropped in 3.0.
It was dropped because that functionality is better implemented via
pam_krb5. A patch to re-instate this functionality as an auth module
will probably be accepted, if people really want it...
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030103/0bbc67b5/attachment.bin
More information about the samba-technical
mailing list