Opportunities for Samba4 based CIFS proxies
Andrew Bartlett
abartlet at samba.org
Thu Nov 3 11:29:25 GMT 2005
On Thu, 2005-11-03 at 11:05 +0100, Volker Lendecke wrote:
> On Wed, Nov 02, 2005 at 06:41:08PM +0100, Love wrote:
> > And even better, the store-afs-keyfile-in-ldb hack can go away,
> > assuming Heimdal and libkafs (or libkrbafs), and be replaced with:
>
> Assuming that all clients send us Kerberos tickets. What can we do if they fall
> back to ntlm?
Something that might be interesting is that Microsoft found the same
problem. Some aspect of Win2k3 apparently allows delegation regardless
of inbound authentication. How this is different to what we have here I
don't know, but it would be interesting to find out...
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051103/13a4132f/attachment.bin
More information about the samba-technical
mailing list