Kerberos and security=user

Andrew Bartlett abartlet at samba.org
Wed May 18 14:27:39 GMT 2005


On Wed, 2005-05-18 at 15:31 +0200, Mark Proehl wrote:
> Hi Andrew,
> 
> I have tested your patch (applied against 3.0.14a) with XP (SP1 and SP2)
> in a MIT and a Heimdal realm. It's working perfectly.
> 
> By setting "security = ads" and using an unpatched Samba server, 
> I am able to do Kerberos authentication in an MIT realm in the same 
> way. What ist the advantage of "security = user" in such an environment?

You could run a Samba PDC, that also accepted kerberos connections from
unix clients.  You also don't have samba confused into thinking it
should be doing all sorts of domain member things.

> Will future Samba release include this patch?

This is the intention, yes.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050519/c5741338/attachment.bin


More information about the samba-technical mailing list