Current ideas on kerberos requirements for Samba4
Love Hörnquist Åstrand
lha at kth.se
Tue May 17 10:38:26 GMT 2005
"Wachdorf, Daniel R" <drwachd at sandia.gov> writes:
> I have a question regarding this. I submitted a bug on this a while back but it got closed due to lack of a fix.
> What if you have an environment where SMB clients will be from a kerberos
> realmA will be accessing a SAMBA share using kerberos auth which is a
> member of realmB. Testing of 3.0 revaled that SAMBA had a problem
> mapping the principal user at realmA into a username.
> Do you think adding a local_name support (much like
> krb5_aname_to_localname in MIT) to translate username kerberos principals
> of non-local kerberos realms into local account names.
Isn't this done with the Name Mapping ldap attribute
(altSecurityIdentities), samba doesn't support this, so use use a local
patch that adds a hard mapping between our Kerberos realm (heimdal) and AD.
> -----Original Message-----
> From: krbdev-bounces at mit.edu on behalf of Andrew Bartlett
> Sent: Mon 5/16/2005 9:36 AM
> To: krbdev at mit.edu; heimdal-discuss at sics.se; samba-technical at samba.org
> Cc: Michelle Escalante
> Subject: Current ideas on kerberos requirements for Samba4
> Just a quick note to let a few more people know that I am putting
> together a rough text document describing various things about kerberos.
> I'm sure parts are just complete fiction, but I'm still new to many
> parts of this game. :-)
> The idea is to write down the special things Samba4 will need from
> GSSAPI/Kerberos libraries and KDC implementations, however we end up
> producing things.
> The current version (updated from SVN) is at:
> Andrew Bartlett
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 477 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20050517/8aa85aba/attachment.bin
More information about the samba-technical