Samba to maintain Kerberos library configuration

webserv at s3group.com webserv at s3group.com
Fri Aug 21 11:41:33 MDT 2009


> pam_winbindd is certainly superior.
> Not only it can use kerberos to authenticate (and set your credential
> caches), but it can fallback to NTLM or even to offline mode (if
> configured to do so).

Ok, you convinced me (if it can handle tickets AND offline mode, then it
is certainly a superior).
But still, Kerberos configuration as per krb5.conf would be great at least
for the following:
- ssh single sign on
- NFSv4
- OpenLdap library / automounter
... and besides, there is already an option to handle the system Kerberos
Keytab file - so this seems to me a next obvious step.

As per the winbind_krb5_locator mentioned - this is a good example of
absolutely useless thing - MIT Kerberos library can lookup KDCs using DNS
SRV records on its own! So really, krb5.conf configuration only involves
putting appropriate realm in - for experienced admin not a big deal, but
for beginners Samba can help here greatly....




The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s).
Please direct any additional queries to: communications at s3group.com.
Thank You.
Silicon and Software Systems Limited. Registered in Ireland no. 378073.
Registered Office: South County Business Park, Leopardstown, Dublin 18


More information about the samba-technical mailing list