Samba and Kerberos
abartlet at samba.org
Fri Jan 3 00:12:01 GMT 2003
On Fri, 2003-01-03 at 10:50, Steve Langasek wrote:
> Hi Kenneth,
> On Thu, Jan 02, 2003 at 03:38:47PM -0600, Kenneth Stephen wrote:
> > I am trying to understand the state of Samba using Kerberos
> > authentication. I see from a search on the web that ADS support is now
> > available in Samba, and presumably this uses an encrypted password
> > communicated over the network rather than the behaviour that was
> > previously available via the --with-krb5 flag. If so, would it not be a
> > matter of implementation (as opposed to it being technically infeasible)
> > to make sure that --with-krb5 now works with encrypted passwords? Can
> > someone clue me in as to this please?
> ADS-style Kerberos support only works when both client and server are
> Kerberos-aware, so such Kerberos "encrypted passwords" support would be
> limited to Win2K and WinXP clients. This is a question of technical
> feasibility, not of implementation.
> It appears that the --with-krb5 option is currently used in connection
> with exactly this feature, and that the previous plaintext Kerberos
> support has been dropped in 3.0.
It was dropped because that functionality is better implemented via
pam_krb5. A patch to re-instate this functionality as an auth module
will probably be accepted, if people really want it...
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030103/0bbc67b5/attachment.bin
More information about the samba-technical