challenge/response (WINBINDD_PAM_AUTH_CRAP) from pam_winbind?
Andrew Bartlett
abartlet at samba.org
Thu Sep 25 22:41:23 GMT 2003
On Fri, 2003-09-26 at 02:36, Steve Smtih wrote:
> How come WINBINDD_PAM_AUTH_CRAP exists, but
> pam_winbind can not be configured to use it?
No need - pam_winbind has the plaintext password already. What this is
about is things like Squid using ntlm_auth to do NTLMSSP authentication
for their clients.
> Also is it on the roadmap to allow Kerberos
> authentication instead of plaintext or chal/resp from pam_winbind?
Kerberos is a separate matter, but you should be able to simply aim
pam_krb5 (if you want to get local kerberos tickets/ccache) at the PDC,
and export our kerberos credentials to a keytab. (I think this is now
in 'net keytab' or an smb.conf option now, or should be soon...)
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030925/22cefc85/attachment.bin
More information about the samba-technical
mailing list