Authentication through transitive trusts

Richard Sharpe rsharpe at richardsharpe.com
Sat Jul 19 03:16:43 GMT 2003


On Fri, 18 Jul 2003, Ken Cross wrote:

> Andrew et al:
> 
> Keep in mind that the origin of this issue was the fact that transitive
> trusts weren't being followed.
> 
> I speculated that it was because Kerberos authentication wasn't being
> performed.  I don't know that for a fact, but it seams reasonable.  

You are absolutely correct here. Samba responds in a way that forces the 
client to go straight to NTLMSSP rather than using the offered KRB5.
 
> If that is the cause, then wouldn't "fixing up the kerberos case" be the
> only solution?

Correct. However, we have to figure out what we are doing wrong in the 
NegProt response that causes the client to ignore the offered KRB5.

Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com




More information about the samba-technical mailing list