client impersonation

Andrew Bartlett abartlet at
Thu Jun 1 03:00:20 GMT 2006

On Wed, 2006-05-31 at 19:05 -0700, Murali Bashyam wrote:
> Is there any way in samba3 to use a logged in user's access token and use it
> for impersonation against a CIFS server (NTLM authentication and AD
> environment) ? The session with the CIFS server has been authenticated based
> on the identity of a privileged adminstrator who has full control on the
> share.
> If so, can someone point to relevant code?

Some of this might be practical to handle with code based on Samba4's
pass-though CIFS backend.  However, the tricky part is getting the
ticket:  easy if you want to be the user, are using kerberos and have
the server trusted for delegation (I've tested this), but I'm not sure
about getting a ticket for another user (but I understand it may be

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list