Information on how to get kerberos ticket of the user in VFS/shell during conneciton
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Feb 23 07:41:25 UTC 2018
On Thu, Feb 22, 2018 at 09:41:20PM +0100, Manfred Furuholmen via samba-technical wrote:
> the conversion is done by the aklog, you can find it in the src/aklog
> directory in openAFS.
> That is possible because it was implemented the 2b token, mainly kerberos 5
> in rxkad.
> The aklog is able to do several conversions, for the krb5 there is a
> function call rxkad_build_native_token
> that is possible because it was implemented the 2b token in AFS , mainly
> kerberos 5 in rxkad, the trick was to use kerberos 5 EncTicketPart instead
> of kerberos 4 ditto.
Ok, this means we have a chance.
I think some developer needs to spend a few days on this. You should
contact someone from https://www.samba.org/samba/support/ for paid
support, as I don't think anybody will be able to find time for this
in spare time.
Regards, Volker Lendecke
--
Besuchen Sie die verinice.XP 2018 in Berlin,
Anwenderkonferenz für Informationssicherheit
vom 21.-23.03.2018 im Sofitel Kurfürstendamm
Info & Anmeldung hier: http://veriniceXP.org
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba-technical
mailing list