client impersonation
Andrew Bartlett
abartlet at samba.org
Thu Jun 1 03:00:20 GMT 2006
On Wed, 2006-05-31 at 19:05 -0700, Murali Bashyam wrote:
> Is there any way in samba3 to use a logged in user's access token and use it
> for impersonation against a CIFS server (NTLM authentication and AD
> environment) ? The session with the CIFS server has been authenticated based
> on the identity of a privileged adminstrator who has full control on the
> share.
> If so, can someone point to relevant code?
Some of this might be practical to handle with code based on Samba4's
pass-though CIFS backend. However, the tricky part is getting the
ticket: easy if you want to be the user, are using kerberos and have
the server trusted for delegation (I've tested this), but I'm not sure
about getting a ticket for another user (but I understand it may be
possible).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060601/90998146/attachment.bin
More information about the samba-technical
mailing list