Current ideas on kerberos requirements for Samba4

Alan DeKok aland at ox.org
Tue May 24 17:15:57 GMT 2005


"James F. Hranicky" <jfh at cise.ufl.edu> wrote:
> I don't know the intimate details of what AD clients expect from an AD 
> controller, but I wonder if perhaps the requirements could be addressed 
> by a meta-smbd of sorts? The meta-smbd acts as an AD controller, but 
> passes off requests for various services to the respective daemons, 

  Except that AD requires that the other protocols talk to each other,
too.  That is, they *all* share a common data set, and each protocol
must server a view of the database, and that view must be consistent
across all protocols.  This integration means that much of the
internal state of each daemon must be exposed to others, and must be
modifiable by others.

  If we had a "uber-DB" underlying all of the daemons, this would be
easy.  This is the implementation Microsoft has, which influenced
their design.  I don't know if it was intentional, but the endless
protocol integration makes it much more difficult for Samba to
inter-operate with AD.

  Alan DeKok.


More information about the samba-technical mailing list