Kerberos and security=user
Mark Proehl
m.proehl at science-computing.de
Wed May 18 13:31:42 GMT 2005
Hi Andrew,
I have tested your patch (applied against 3.0.14a) with XP (SP1 and SP2)
in a MIT and a Heimdal realm. It's working perfectly.
By setting "security = ads" and using an unpatched Samba server,
I am able to do Kerberos authentication in an MIT realm in the same
way. What ist the advantage of "security = user" in such an environment?
Will future Samba release include this patch?
Thanks.
Mark
Am Freitag 22 April 2005 16:00 schrieb Andrew Bartlett:
> Some sites have managed to run kerberos against Heimdal or MIT, and have
> windows/linux/mac clients 'play nice' with it, and it would be good if
> this did not require the admin to set Samba into 'security=ads' mode.
>
> This untested, and potentially unwise patch allows this. The section
> changing the principal name we return in the negprot may not be the best
> thing to do here however. (instead, the machine$@REALM could also be
> added to the keytab).
>
> Andrew Bartlett
More information about the samba-technical
mailing list