Kerberos support on Samba
vikrambharti33 at gmail.com
Wed Mar 3 15:27:21 UTC 2021
Was going through this.
And I found that we do support Kerberos. Please correct my understanding
Assumption 1:- does this mean if a user x has permission on SMB share then
he can access SMB shares by sending credentials to callback API and Samba
can use those tokens to forward it to SMB shares and provide the access?
What i understand from t*estBrowse *example , just enable the Kerberos flag
and pass the user credential to call back function. Which internally uses
Kinit to pass the credentials and get TGT and TGS exchanged. And then
libsmbclient forward the request to SMB shares with TGS received and
initiate TCP session.
Assumption 2:- it's only possible to get the token for the service account
set up for a computer account as mentioned below.
Setspn -s http/<computer-name>.<domain-name> <domain-user-account>
More information about the samba-technical