[Samba] Kerberos support in 3.0?
Paul Lussier
pll at permabit.com
Mon Feb 23 21:02:25 GMT 2004
In a message dated: Tue, 24 Feb 2004 07:52:28 +1100
Andrew Bartlett said:
>Getting windows clients to talk to MIT krb5 is possible, but my
>understanding is that you loose most of the benifits of NT domain
>intergration. (You end up maintaining a lot of local accounts).
Hmmm, that's exactly what I'm trying to avoid. We don't currently
have an NT domain, so I'm not exactly clear on what benefits I'd be
missing other than the accounts thing. But, if we're just talking
about getting Win clients to auth against MIT K5, do I even need
Samba?
>I've done some work on the reverse. We have an NT password database
>(samba's passdb backend) and we can use that same database to become a
>kerberos server.
So, are you saying that both k5 and samba would look at the same
database for authentication? i.e. passdb points to LDAP, as does k5?
>I know it's not really what you were looking for, but here is my posting
>to the samba-technical list:
>http://marc.theaimsgroup.com/?l=3Dsamba-technical&m=3D107748396331431&w=3D2
Thanks, it's not what I was looking for, but it might be the best way
to go.
>At the very least, what I have done here makes Heimdal's LDAP backend
>function again.
Does MIT's k5 have an LDAP backend option? (I'm actually very new to
k5, so I'm getting my feet wet in all sorts of interesting ways
lately :)
Thanks,
--
Seeya,
Paul
GPG Key fingerprint = 1660 FECC 5D21 D286 F853 E808 BB07 9239 53F1 28EE
If you're not having fun, you're not doing it right!
More information about the samba
mailing list