KDC built in or out of smbd

Andrew Bartlett abartlet at samba.org
Tue Nov 29 22:16:47 GMT 2005


On Wed, 2005-11-30 at 09:09 +1100, Tim Potter wrote:
> On Wed, 2005-11-30 at 09:04 +1100, Andrew Bartlett wrote:
> 
> > As such, absent technologies like SELinux, there is little to be gained
> > from mandating a separate process for the various components, other than
> > administrator confusion, and posts to the list caused by failure to
> > start a particular service.
> 
> Last time this was discussed the option to hook in an external KDC, if
> there is one available on the network, was raised.  Is this still the
> case?

Yes and No... There is not currently any way to hook in an external KDC,
but we have shown that should an external KDC happen to share the same
database, simply disabling our KDC would suffice.  

(We did this when testing PAC theories:  we ran a Win2k3 KDC with
Samba4, and a shared database by means of samsync).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051130/c5f4ec4b/attachment.bin


More information about the samba-technical mailing list