client impersonation
Murali Bashyam
mbcoder at gmail.com
Thu Jun 1 03:25:13 GMT 2006
Is this doable for NTLM? For kerberos with delegation, i understand this is
feasible.
Murali
On 5/31/06, Andrew Bartlett <abartlet at samba.org> wrote:
>
> On Wed, 2006-05-31 at 19:05 -0700, Murali Bashyam wrote:
> > Is there any way in samba3 to use a logged in user's access token and
> use it
> > for impersonation against a CIFS server (NTLM authentication and AD
> > environment) ? The session with the CIFS server has been authenticated
> based
> > on the identity of a privileged adminstrator who has full control on the
> > share.
> > If so, can someone point to relevant code?
>
> Some of this might be practical to handle with code based on Samba4's
> pass-though CIFS backend. However, the tricky part is getting the
> ticket: easy if you want to be the user, are using kerberos and have
> the server trusted for delegation (I've tested this), but I'm not sure
> about getting a ticket for another user (but I understand it may be
> possible).
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Student Network Administrator, Hawker College http://hawkerc.net
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
>
> iD8DBQBEflhEz4A8Wyi0NrsRAp6eAJ9qpv6m0wWOky3ZGN6KsUabKPhMiQCgpwLk
> jmv4OhpuOyZMgjxNScu1pEw=
> =LLSs
> -----END PGP SIGNATURE-----
>
>
>
More information about the samba-technical
mailing list