Samba to maintain Kerberos library configuration

Ondrej Valousek webserv at
Fri Aug 21 07:48:29 MDT 2009

> pam_winbind should still work in case Kerberos doesn't. And
> there's a suprising number of ways to break Kerberos.
Well, true, BUT - winbind eventually use Kerberos anyway to authenticate 
the user with AD, right? So samba should be able to configure the 
Kerberos library (possibly at the "net ads join" stage).
Moreover, if you want to use common things like single sign on via ssh, 
pam_winbind won't help you a single bit - with a working Kerberos 
library and valid TGT ticket (provided by pam_krb5) this is no problem 
at all.....

More information about the samba-technical mailing list