creds.set_kerberos_state(DONT_USE_KERBEROS)
Andrew Bartlett
abartlet at samba.org
Mon Jun 20 05:20:04 MDT 2011
On Mon, 2011-06-20 at 07:08 -0400, Mauricio Tavares wrote:
> In the provisions script for samba4, there is a line that does
> not make sense to me:
>
> creds.set_kerberos_state(DONT_USE_KERBEROS)
>
> Correct me if I am wrong but it sure makes me think it is telling me
> this setup will not be using kerberos. But, AFAIK if you are going for
> the AD controller role you kinda need that. So, what am I missing
> here?
This is simply saying that this particular set of credentials should not
use Kerberos. In this case the script is talking (potentially, in
now-deprecated functionality) talking to a server such as OpenLDAP, and
the password used between Samba and that LDAP server isn't an AD
password, but a simple shared secret. Having an intermediate layer
bothering a possibly-not-even-existing KDC would break things in this
case.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list