[Samba] Kerberos auth without NTLM
Andrew Bartlett
abartlet at samba.org
Mon Mar 22 22:33:26 GMT 2004
On Mon, 2004-03-22 at 23:46, ww m-pubsyssamba wrote:
> Can anyone tell me if I can configure Samba 3.x to rely only on Kerberos authentication (in an AD domain)?
> Ideally I'd like to use local UNIX accounts, not winbind, and negate the need for me to add an entry to passdb, then the
> account must exist in AD and locally on each Samba member server for authentication to work.
> If there is any info held in passdb, other than the NTLM coded password, which must exist for Samba to work then I'd
> like to either enter an unusable password or disable NTLM authentication completely. Reason for my second request
> is if I am forced to have users in passdb I don't want to have to worry about the data being world readable from a
> security perspective.
I meant to talk to you earlier about this. It is quite OK to have a
system that does not use winbind, and you can still use all the
authentication mechanisms.
You can set 'security=domain' and even 'security=ads' without winbind.
You can also run winbindd (which helps security=domain's performance)
without winbind in nsswitch.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040323/2ce48e54/attachment.bin
More information about the samba
mailing list