[Samba] Kerberos support in 3.0?

Paul Lussier pll at permabit.com
Mon Feb 23 21:02:25 GMT 2004

In a message dated: Tue, 24 Feb 2004 07:52:28 +1100
Andrew Bartlett said:

>Getting windows clients to talk to MIT krb5 is possible, but my
>understanding is that you loose most of the benifits of NT domain
>intergration.  (You end up maintaining a lot of local accounts).

Hmmm, that's exactly what I'm trying to avoid.  We don't currently 
have an NT domain, so I'm not exactly clear on what benefits I'd be 
missing other than the accounts thing.  But, if we're just talking 
about getting Win clients to auth against MIT K5, do I even need 

>I've done some work on the reverse.  We have an NT password database
>(samba's passdb backend) and we can use that same database to become a
>kerberos server.

So, are you saying that both k5 and samba would look at the same 
database for authentication?  i.e. passdb points to LDAP, as does k5?

>I know it's not really what you were looking for, but here is my posting
>to the samba-technical list:

Thanks, it's not what I was looking for, but it might be the best way 
to go.

>At the very least, what I have done here makes Heimdal's LDAP backend
>function again.

Does MIT's k5 have an LDAP backend option? (I'm actually very new to 
k5, so I'm getting my feet wet in all sorts of interesting ways 
lately :)


GPG Key fingerprint = 1660 FECC 5D21 D286 F853  E808 BB07 9239 53F1 28EE

	 If you're not having fun, you're not doing it right!

More information about the samba mailing list