of keytabs, kerberos and winbindd

simo idra at samba.org
Fri Jun 15 06:07:19 MDT 2012

On Fri, 2012-06-15 at 09:50 +0200, Ondrej Valousek wrote: 
> On 06/15/2012 12:11 AM, simo wrote:
> > I think we should strongly consider this option in future, it just makes
> > things a lot simpler on many angles and will allow us to avoid having
> > some code depend on the secrets code which is a plus as it streamlines
> > some dependencies (only for Krb5 for now I know, but it's a start).
> I strongly agree here as well - I did not know Samba has to maintain its own secrets.tdb. It would be nice if samba could really maintain 
> system Kerberos database (I see it as another big benefit) so that other services (sshd, http, nfs) can make use of it.
> Hopefully this idea will not be forgotten (as well as the idea of gss-proxy).

I am still working on gss-proxy, I have kernel patches posted to use it
with nfsd and I am working on the mechglue layer in MIT libs to get the
interposer in. Stay tuned.


Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>

More information about the samba-technical mailing list