[OpenAFS] status of samba serving AFS file space? other non-native windows access?

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Oct 18 06:19:03 GMT 2006


On Tue, Oct 17, 2006 at 05:02:47PM -0400, Jeffrey Altman wrote:
> > And, Samba can nowadays be configured to accept kerberos
> > tickets even without being an ADS member, but Windows
> > clients will not appreciate this. But that's just Windows.
> 
> This discussion is specifically related to Windows client access to
> AFS.  Since Windows CIFS clients won't talk Kerberos to Samba if you
> want to authenticate the users against the Kerberos database you must
> configure the Windows clients to send username and password in the
> clear so that Samba can perform the equivalent of a kinit operation.

Ok, sorry, then I just misunderstood you. I thought you were
talking about the --fake-kaserver option of Samba instead of
the --with-afs option which indeed requires plain text
passwords from the clients.

> I don't know where you can read about it but it is in fact true.
> The reason it took so long to get OpenAFS for Windows to work on
> Vista was because of the TLS support.  Every Vista workstation whether
> part of a domain or not is given an X.509 server certificate which
> is used to protect the File and Print Sharing, Remote Desktop, IIS, and
> other remote services.

Really interesting. Do you have a sniff of such a connection
you could share with us? I would like to know how Vista
would start negotiating TLS encrypted SMB connections.

Also CC'ing samba-technical at samba.org, I'm sure that the
Samba community would love to see Windows finally doing SMB
bulk encryption properly.

Thanks,

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20061018/e8f2544f/attachment.bin


More information about the samba-technical mailing list