client impersonation

Andrew Bartlett abartlet at samba.org
Thu Jun 1 03:00:20 GMT 2006


On Wed, 2006-05-31 at 19:05 -0700, Murali Bashyam wrote:
> Is there any way in samba3 to use a logged in user's access token and use it
> for impersonation against a CIFS server (NTLM authentication and AD
> environment) ? The session with the CIFS server has been authenticated based
> on the identity of a privileged adminstrator who has full control on the
> share.
> If so, can someone point to relevant code?

Some of this might be practical to handle with code based on Samba4's
pass-though CIFS backend.  However, the tricky part is getting the
ticket:  easy if you want to be the user, are using kerberos and have
the server trusted for delegation (I've tested this), but I'm not sure
about getting a ticket for another user (but I understand it may be
possible).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060601/90998146/attachment.bin


More information about the samba-technical mailing list