[Samba] Samba PDC & Kerberos authentication

Andrew Bartlett abartlet at samba.org
Tue Oct 21 11:14:03 GMT 2003

On Tue, 2003-10-21 at 04:11, Dmitry P. Schegolev wrote:
>         Hello!
> As I read in samba-docs, samba-3.0.0 cannot be ADC. 
> But I have unix kerberos domain and I want for simplicity, that samba PDC 
> perform user's authentication in kerberos. There is not to propagate any 
> kerberos principals to windows, but simply PDC perform user's authentication 
> in kerberos and store all needed account information in openldap. Is it 
> possible with samba 3.0.0?

You can't make it pass things on to kerberos in any meaningful way, but
you could make Samba and your KDC share the LDAP database.   The trivial
option is simply to run a 'unix password sync', but it's also technicaly
possibly (but not implemented) to read the 'type 23' encrypted token for
NTLM authentication.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031021/f0343f8b/attachment.bin

More information about the samba mailing list