samba + w2k + kerberos + trusted realm
Love
lha at stacken.kth.se
Sun Mar 2 00:44:22 GMT 2003
Steve Langasek <vorlon at netexpress.net> writes:
> On Fri, Feb 28, 2003 at 05:26:56AM +0100, Love wrote:
>
>> - Using a keytab file would solve the problem below. Using /etc/krb5.keytab
>> is bad idea, how about a own keytab for samba ? Doing hoops of strace stuff
>> seems, well, strange.
>
> Why is using /etc/krb5.keytab a bad idea? The only reason I've ever seen
> for using separate keytabs is if you want different services to run in
> separate security contexts. Samba has to run as root, so
> /etc/krb5.keytab seems appropriate to me (as much as any keytab is
> appropriate -- there seem to still be some issues with using the keytab
> at all).
What is it that limit samba to root ? When I use samba with afs beeing root
will certenly not help samba access files, what else do samba need.
This is not what I free is the important part of my mail. And the only
reason why I did the comment was that the comment in the samba code that
did hoops to store the key in the auth context instead of just using a
keytab.
Love
More information about the samba-technical
mailing list