Kerberos and security=user

Andrew Bartlett abartlet at
Wed May 18 14:27:39 GMT 2005

On Wed, 2005-05-18 at 15:31 +0200, Mark Proehl wrote:
> Hi Andrew,
> I have tested your patch (applied against 3.0.14a) with XP (SP1 and SP2)
> in a MIT and a Heimdal realm. It's working perfectly.
> By setting "security = ads" and using an unpatched Samba server, 
> I am able to do Kerberos authentication in an MIT realm in the same 
> way. What ist the advantage of "security = user" in such an environment?

You could run a Samba PDC, that also accepted kerberos connections from
unix clients.  You also don't have samba confused into thinking it
should be doing all sorts of domain member things.

> Will future Samba release include this patch?

This is the intention, yes.

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list