Samba to maintain Kerberos library configuration
webserv at s3group.cz
Fri Aug 21 07:48:29 MDT 2009
> pam_winbind should still work in case Kerberos doesn't. And
> there's a suprising number of ways to break Kerberos.
Well, true, BUT - winbind eventually use Kerberos anyway to authenticate
the user with AD, right? So samba should be able to configure the
Kerberos library (possibly at the "net ads join" stage).
Moreover, if you want to use common things like single sign on via ssh,
pam_winbind won't help you a single bit - with a working Kerberos
library and valid TGT ticket (provided by pam_krb5) this is no problem
More information about the samba-technical