[Samba] Samba, pam, and kerberos

Andrew Bartlett abartlet at samba.org
Mon May 24 23:10:50 GMT 2004

On Mon, 2004-05-24 at 23:49, pll+samba at permabit.com wrote:
> In a message dated: Wed, 19 May 2004 22:05:07 EDT
> Adam Tauno Williams said:
> >> Ahh well, worth a shot.
> >
> >There is some development effort to integrate OpenLDAP, Samba, &
> >Heimdal.  So you will be able to do this someday.
> Why Heimdal?  Why not MIT, is it a US encryption export problem, or 
> is Heimdal perceived to be better than MIT for some reason?
> (or, is it because that's what OpenLDAP used and has working, so it's 
> less effort to get Samba to work with that?).

Heimdal was chosen (by me) because there is an existing OpenLDAP backend
for Heimdal, and it was easy to modify it to talk to a Samba/LDAP
accounts database.

(Reportedly, the MIT folks freak when you suggest putting passwords into
LDAP ;-)

This is not intended for use with Windows clients at this stage, as we
don't implement many of the other parts of Active Directory.  But I want
unix clients to be able to use kerberos, in sites where the effort to
re-get everybody's passwords would be prohibitive.

The project (which involves interoperability patches for a number of
pieces of software) is known collectively as 'lorikeet', and has an svn
repository on samba.org.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040525/d711a8e8/attachment.bin

More information about the samba mailing list