[PATCH] keytab management for ADS mode.

Love lha at stacken.kth.se
Tue Jan 27 07:55:51 GMT 2004


Rakesh Patel <rapatel at optonline.net> writes:

> While it may seem drastic to expect the host principal to be
> re-created and managed through Samba, it
> may be the best approach given it would be for a Win2K/AD environment
> with just the KDC externalized.
>
> I am assuming that MIT/Heimdal now support the same password changing
> protocol supported by Microsoft.

Heimdal will support the MS change password protocol whenever 0.7 is released.

There is another problem with using keytabs to store long-term
credentials. Since Microsoft has aliasing on the principal names
(host/computer@realm, HOST/computer@realm, computer$@REALM are all the same),
that needs to be taken into account.

Love
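
The aliasing issue raised in the message, as an added example (not part of the original post, and not Samba or Heimdal code): a keytab lookup that treats the three listed name forms as one host. The function names, the sample entries, and the case-insensitive comparison of realm and computer name are assumptions.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>

/* Constructed sample keytab contents (principal names only). */
const char *const SAMPLE_KEYTAB[] = { "cifs/pc1@EXAMPLE.COM", "PC1$@EXAMPLE.COM" };

/* Reduce one of the three alias forms from the message to "computer@REALM".
 * Returns 0 on success, -1 if the name is not a host alias or does not fit.
 * Assumption: computer name and realm compare case-insensitively. */
static int canon_host_principal(const char *princ, char *out, size_t outlen)
{
    const char *at = strrchr(princ, '@');
    const char *slash = strchr(princ, '/');
    const char *name;
    size_t namelen, i, n = 0;

    if (at == NULL || at == princ || at[1] == '\0')
        return -1;
    if (slash != NULL && slash < at) {
        /* host/computer@realm or HOST/computer@realm */
        if ((size_t)(slash - princ) != 4 || strncasecmp(princ, "host", 4) != 0)
            return -1;
        name = slash + 1;
        namelen = (size_t)(at - name);
    } else {
        /* computer$@REALM: machine account name with a trailing '$' */
        if (at[-1] != '$')
            return -1;
        name = princ;
        namelen = (size_t)(at - princ) - 1;
    }
    if (namelen == 0 || namelen + strlen(at) + 1 > outlen)
        return -1;
    for (i = 0; i < namelen; i++)
        out[n++] = (char)tolower((unsigned char)name[i]);
    for (; *at != '\0'; at++)
        out[n++] = (char)toupper((unsigned char)*at);
    out[n] = '\0';
    return 0;
}

/* Index of the first entry that names the same host as `wanted`, or -1. */
int keytab_find_alias(const char *const *entries, size_t count, const char *wanted)
{
    char want[256], have[256];
    size_t i;

    if (canon_host_principal(wanted, want, sizeof(want)) != 0)
        return -1;
    for (i = 0; i < count; i++)
        if (canon_host_principal(entries[i], have, sizeof(have)) == 0 &&
            strcmp(want, have) == 0)
            return (int)i;
    return -1;
}
```

An exact string match on the ticket's service name would miss the `PC1$@EXAMPLE.COM` entry here, which is the failure the message warns about.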
