Samba4 KDC progress

Matt Crawford crawdad at fnal.gov
Sun Jun 5 16:57:59 GMT 2005


> I promised I would keep the various lists informed as to our progress
> with the Samba4 KDC experiment.  (But if you feel this cross-posting is
> just noise, let me know).

Here's something that would make this more palatable in deployment at 
my site and, I presume, many others.  Perhaps there's no impediment to 
it already.

If the smbd-served realm contained only service principals and accepted 
cross authentication from the realm holding the user principals, 
filling in the Windowsish authorization from its own database, it would 
work the way our existing W2K realm works when users mount a share from 
a Mac or log in directly with their non-Windows principal.  Most of the 
custom hackery we've done would not be interfered with and would not 
have to be done over.


                 Matt Crawford   <crawdad at fnal.gov>
                 FNAL/CD/CCF/Wide Area Systems
                 +1 630 840 3461



More information about the samba-technical mailing list