[Samba] samba, pam, kerberos

Andrew Bartlett abartlet at samba.org
Wed Oct 22 23:17:43 GMT 2003 

On Thu, 2003-10-23 at 08:54, Aaron Rosenblum wrote:
> I asked a similar question yesterday, but in my further research found 
> this software:
> 
> http://rsug.itd.umich.edu/software/ksamba.html
> 
> Description:
> kSamba is used for AFS translation in University of Michigan Campus 
> sites. It also allows Windows workstations to authenticate and connect 
> to UNIX SMB (Server Message Block) servers via a kerberos out-of-band 
> negotiation. This allows users to connect without entering a SMB 
> password. A version of Samba 2.0.6 modified to support AFS and kerberos 
> is implemented on the server side.
> 
> I am less interested in using an AFS translator, because we now have an 
> OpenAFS client for windows

My understanding is that doesn't really exist.  I understand it's just
an SMB server, on the windows localhost...  In many ways, you would
probably be better to make Samba the AFS translator.

> , but the "allows windows workstations to 
> authenticate and connect to UNIX SMB server via kerberos" part sounds 
> nice.  Particularly because I have an MIT KDC to deal with, and don't 
> desire to leverage AD for Kerberos.  Looks as if this project is pretty 
> old, anyone familiar with it?

I think you will find it easier to convince windows to use it's internal
kerberos authentication.

> > Samba 3.0 supports kerberos authentication for SMB resources as both a
> > client and a server.  Server-side is currently ADS only, but this 
> > should
> > change shortly.  The problem is to convince the clients to speak
> > kerberos.
> >
> > Andrew Bartlett
> > -- 
> > Andrew Bartlett                                 abartlet at pcug.org.au
> > Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> > Student Network Administrator, Hawker College   abartlet at hawkerc.net
> > http://samba.org     http://build.samba.org     http://hawkerc.net
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031023/5d7d7105/attachment.bin

More information about the samba mailing list