Kerberos and security=user
Andrew Bartlett
abartlet at samba.org
Wed May 18 14:27:39 GMT 2005
On Wed, 2005-05-18 at 15:31 +0200, Mark Proehl wrote:
> Hi Andrew,
>
> I have tested your patch (applied against 3.0.14a) with XP (SP1 and SP2)
> in a MIT and a Heimdal realm. It's working perfectly.
>
> By setting "security = ads" and using an unpatched Samba server,
> I am able to do Kerberos authentication in an MIT realm in the same
> way. What ist the advantage of "security = user" in such an environment?
You could run a Samba PDC, that also accepted kerberos connections from
unix clients. You also don't have samba confused into thinking it
should be doing all sorts of domain member things.
> Will future Samba release include this patch?
This is the intention, yes.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050519/c5741338/attachment.bin
More information about the samba-technical
mailing list