Machine account password interoperability for Samba 3.0 secrets.tdb and keytabs

Andrew Bartlett abartlet at samba.org
Fri Mar 21 22:21:45 GMT 2003


On Sat, 2003-03-22 at 09:13, Luke Howard wrote:
> 
> >Yes. This is a problem.  In the past I have favored a 'krb5 keytab
> >write' option that would write our password out into the standard
> >keytab, but there were good reasons not to.  The problem is, I can't
> >remember what they were.  Mostly 'if somebody changed our password under
> >us' stuff.  
> 
> Hmm, why would this be a problem? (I mean, I can understand it would be 
> a problem if it happened while SAMBA was running, but keytabs tend to be
> fairly static...)

Yes - I think the benefit (getting real Kerberos authentication working
on unix in ADS) outweighs the 'risk' here.

Now, all somebody needs to do is write up the patch or dig one up that's
already done...

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net