Machine account password interoperability for Samba 3.0
secrets.tdb and keytabs
Andrew Bartlett
abartlet at samba.org
Tue Mar 25 11:41:19 GMT 2003
On Tue, 2003-03-25 at 22:36, Luke Howard wrote:
>
> >I really don't think that putting keytab code in to Samba is the right answer.
> >Do you really want to be in charge of modifying keytabs? This could get
> >quite complicated -- especially when you multiply the effort by the number of
> >possible encryption types...
>
> I don't think it's that complicated. It is not difficult to enumerate the
> supported encryption types. Moreover, there's no requirement that SAMBA use
> the same keytab as other applications, or that keytab support completely
> replace the secret store.

I agree that if Samba is changing the password for a particular Kerberos
principal, then it should store the hashes in the keytab.

The idea of *finally* getting Kerberos useful on real sites is just too
appealing :-)

Naturally, the original plaintext password should stay basically where
it is.

Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net