Opportunities for Samba4 based CIFS proxies

Andrew Bartlett abartlet at samba.org
Thu Nov 3 11:29:25 GMT 2005

On Thu, 2005-11-03 at 11:05 +0100, Volker Lendecke wrote:
> On Wed, Nov 02, 2005 at 06:41:08PM +0100, Love wrote:
> > And even better, the store-afs-keyfile-in-ldb hack can go away,
> > assuming Heimdal and libkafs (or libkrbafs), and be replaced with:
> Assuming that all clients send us Kerberos tickets. What can we do if they fall
> back to ntlm?

Something that might be interesting is that Microsoft found the same
problem.  Some aspect of Win2k3 apparently allows delegation regardless
of inbound authentication.  How this is different to what we have here I
don't know, but it would be interesting to find out...

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051103/13a4132f/attachment.bin

More information about the samba-technical mailing list