Samba4 KDC progress

Matt Schwartz mschwartz at
Sun Jun 5 17:09:07 GMT 2005

Some users will not have a setup as customized as the one listed below.  
Why not include an option to allow smbd-served realms to contain service 
principals only.  I know my needs would be severely hampered if all I 
could have were only service principals.  Finally, what about users 
wishing to go totally Micro$oft free:  that would necessitate an 
smbd-served realm to host all types of principles.

Matt Crawford wrote:

>> I promised I would keep the various lists informed as to our progress
>> with the Samba4 KDC experiment.  (But if you feel this cross-posting is
>> just noise, let me know).
> Here's something that would make this more palatable in deployment at 
> my site and, I presume, many others.  Perhaps there's no impediment to 
> it already.
> If the smbd-served realm contained only service principals and 
> accepted cross authentication from the realm holding the user 
> principals, filling in the Windowsish authorization from its own 
> database, it would work the way our existing W2K realm works when 
> users mount a share from a Mac or log in directly with their 
> non-Windows principal.  Most of the custom hackery we've done would 
> not be interfered with and would not have to be done over.
>                 Matt Crawford   <crawdad at>
>                 FNAL/CD/CCF/Wide Area Systems
>                 +1 630 840 3461

More information about the samba-technical mailing list