[PATCHES] site-aware Kerberos authentication during domain join
Andreas Schneider
asn at samba.org
Thu Mar 10 07:52:19 UTC 2016
On Thursday 03 March 2016 09:44:46 Uri Simchoni wrote:
> Hi,
>
> Attached please find a fix for
> https://bugzilla.samba.org/show_bug.cgi?id=11769.
>
> The bug description explains why this may be important.
>
> The fix enables site-aware Kerberos during execution of "net ads join
> -k", even if winbindd is not started (so the locator cannot be used).
>
> This works only if the user specified the domain's DNS name (which is
> assumed to be equal to the Kerberos realm). If the user didn't specify
> it (e.g. only specified flat domain name or server to use), we need to
> securely contact a DC to determine the domain's DNS name, so we cannot
> pre-configure Kerberos.
>
> Review appreciated.
> Thanks,
> Uri.
I think this is something for WHATSNEW.txt ... :)
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list