[PATCH] samba3-keytab

Steve Langasek vorlon at netexpress.net
Tue Sep 2 17:50:28 GMT 2003

On Tue, Sep 02, 2003 at 05:39:44PM +0000, Jeremy Allison wrote:
> On Tue, Sep 02, 2003 at 07:31:27PM +0200, Guenther Deschner wrote:
> > hi,
> > 
> > attached is my latest version of the keytab-patch for 3_0:

> Nice patch but I hate the docs I'm afraid. We need to explain
> what a keytab file is, and why you might want one.

> Remember, Microsoft makes this stuff *easy*. So does Samba
> with a keytab in the secrets.tdb (ie. people don't have to
> know it exists).

> If you want an external one please explain *why* in the docs.

If use of a keytab alone is now a viable option, why should it not be
used by *default* in place of secrets.tdb, with no explanation
necessary?  For those with Unix Kerberos experience who want this, we
don't have to be told why using a keytab is beneficial: storing the key
information in secrets.tdb may be more *automatic*, but I would hardly
call it *easier*. :)

All things being equal, creating a keytab that can be accessed directly
with the standard Unix Kerberos tools in the same directory as
secrets.tdb would be far friendlier than the current behavior, IMHO.

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030902/4cb71659/attachment.bin

More information about the samba-technical mailing list