Samba4 KDC progress
mschwartz at dcscorp.net
Sun Jun 5 17:09:07 GMT 2005
Some users will not have a setup as customized as the one listed below.
Why not include an option to allow smbd-served realms to contain service
principals only. I know my needs would be severely hampered if all I
could have were only service principals. Finally, what about users
wishing to go totally Micro$oft free: that would necessitate an
smbd-served realm to host all types of principles.
Matt Crawford wrote:
>> I promised I would keep the various lists informed as to our progress
>> with the Samba4 KDC experiment. (But if you feel this cross-posting is
>> just noise, let me know).
> Here's something that would make this more palatable in deployment at
> my site and, I presume, many others. Perhaps there's no impediment to
> it already.
> If the smbd-served realm contained only service principals and
> accepted cross authentication from the realm holding the user
> principals, filling in the Windowsish authorization from its own
> database, it would work the way our existing W2K realm works when
> users mount a share from a Mac or log in directly with their
> non-Windows principal. Most of the custom hackery we've done would
> not be interfered with and would not have to be done over.
> Matt Crawford <crawdad at fnal.gov>
> FNAL/CD/CCF/Wide Area Systems
> +1 630 840 3461
More information about the samba-technical