Opportunities for Samba4 based CIFS proxies

Love lha at kth.se
Thu Nov 3 18:27:33 GMT 2005

Volker Lendecke <Volker.Lendecke at SerNet.DE> writes:

> On Thu, Nov 03, 2005 at 01:16:36PM +0100, Love wrote:
>> > Assuming that all clients send us Kerberos tickets. What can we do if
>> > they fall back to ntlm?
>> Seems to be an excellent time to stop using NTLM :)
> Hmmmm. But what do you do with the existing clients such as NT4, Win9x?

For those sites that want less scaryness and don't run legacy products,
using delegated credentials excellent and wonderful upgrade.

> I'm not aware of any extension that would allow these systems to send
> Kerberos tickets. 

You should look closer at S4U2Self.

> And I'm coming across a lot of NT4 domains. I think it
> would not be wise to drop support for these environments.

I'm not proposing droping support, just not make it the only option for
those that don't need it.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 477 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20051103/b0764175/attachment.bin

More information about the samba-technical mailing list