[Samba] Samba pwd in kerberos?

Andrew Bartlett abartlet at samba.org
Sun Aug 1 05:17:15 GMT 2004


On Sat, 2004-07-31 at 05:52, Sensei wrote:
> Hi. As I said... I will bother you. :)
> 
> I'm wondering if it's possible to make samba as a primary domain
> controller without having samba passwords, but instead using my two KDCs
> (MIT K5).
> 
> Is it possible? What should I use in my smb.conf? The wonderful and less
> painful thing is samba authenticating via pam... but I don't know how...
> the documentation is quite misty.

A PDC requires direct access to the passwords - it cannot use a separate
KDC.

However, you can make your KDC and Samba share a password database - the
'lorikeet' extensions to Heimdal (included in Heimdal snaphots) allow a
KDC to run with Samba passwords as the backend.

There is still work to do, but there is a good write up here:

https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040801/82c8be38/attachment.bin


More information about the samba mailing list