Current ideas on kerberos requirements for Samba4

Love Hörnquist Åstrand lha at kth.se
Tue May 17 10:38:26 GMT 2005


"Wachdorf, Daniel R" <drwachd at sandia.gov> writes:

> I have a question regarding this.  I submitted a bug on this a while back but it got closed due to lack of a fix. 
>
> What if you have an environment where SMB clients will be from a kerberos
> realmA will be accessing a SAMBA share using kerberos auth which is a
> member of realmB.  Testing of 3.0 revealed that SAMBA had a problem
> mapping the principal user at realmA into a username.
>
> Do you think adding a local_name support (much like
> krb5_aname_to_localname in MIT) to translate username kerberos principals
> of non-local kerberos realms into local account names.

Isn't this done with the Name Mapping ldap attribute
(altSecurityIdentities), samba doesn't support this, so we use a local
patch that adds a hard mapping between our Kerberos realm (heimdal) and AD.

Love


>
> -dan
>
>
> -----Original Message-----
> From: krbdev-bounces at mit.edu on behalf of Andrew Bartlett
> Sent: Mon 5/16/2005 9:36 AM
> To: krbdev at mit.edu; heimdal-discuss at sics.se; samba-technical at samba.org
> Cc: Michelle Escalante
> Subject: Current ideas on kerberos requirements for Samba4
>  
> Just a quick note to let a few more people know that I am putting
> together a rough text document describing various things about kerberos.
> I'm sure parts are just complete fiction, but I'm still new to many
> parts of this game. :-)
>
> The idea is to write down the special things Samba4 will need from
> GSSAPI/Kerberos libraries and KDC implementations, however we end up
> producing things.
>
> The current version (updated from SVN) is at:
> http://samba.org/ftp/unpacked/samba4/source/auth/kerberos/kerberos-notes.txt
>
> Andrew Bartlett
> -- 
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Student Network Administrator, Hawker College  http://hawkerc.net