[Samba] Samba, pam, and kerberos
pll+samba at permabit.com
pll+samba at permabit.com
Mon May 24 13:47:58 GMT 2004
In a message dated: Wed, 19 May 2004 21:13:39 EDT
Adam Tauno Williams said:
>> Im not a complete expert in this area, but. If you try winbind its got to
>> have a correctly configured kerberos client to contact the AD. Could you try
>> this but specify your MIT Kerberos kdc instead.
>
>Samba cannot currently acquire Kerberos tickets on behalf of the client
I'm not asking for Samba to acquire Kerberos tickets, nor do I
require that the client get tickets. All I want to do is use
Kerberos to *authenticate* the clients.
In theory, shouldn't I be able to have the client send the password
to Samba, then have Samba use PAM to see if that password is
legitimate? What PAM does with it (i.e. pass it off to Kerberos)
should be transparent to Samba and the the client.
(though, I'm likely to need to have the clients configured to use
cleartext passwords, which is not great, and really defeats the point
of Kerberos ! :(
--
Seeya,
Paul
GPG Key fingerprint = 1660 FECC 5D21 D286 F853 E808 BB07 9239 53F1 28EE
If you're not having fun, you're not doing it right!
More information about the samba
mailing list