[Samba] Samba, pam, and kerberos

pll+samba at permabit.com pll+samba at permabit.com
Mon May 24 13:47:58 GMT 2004

In a message dated: Wed, 19 May 2004 21:13:39 EDT
Adam Tauno Williams said:

>> Im not a complete expert in this area, but. If you try winbind its got to
>> have a correctly configured kerberos client to contact the AD. Could you try
>> this but specify your MIT Kerberos kdc instead.
>Samba cannot currently acquire Kerberos tickets on behalf of the client

I'm not asking for Samba to acquire Kerberos tickets, nor do I 
require that the client get tickets.  All I want to do is use 
Kerberos to *authenticate* the clients.

In theory, shouldn't I be able to have the client send the password 
to Samba, then have Samba use PAM to see if that password is 
legitimate?  What PAM does with it (i.e. pass it off to Kerberos) 
should be transparent to Samba and the the client.  

(though, I'm likely to need to have the clients configured to use 
cleartext passwords, which is not great, and really defeats the point 
of Kerberos ! :(

GPG Key fingerprint = 1660 FECC 5D21 D286 F853  E808 BB07 9239 53F1 28EE

	 If you're not having fun, you're not doing it right!

More information about the samba mailing list