[Samba] What is good about kereberos auth?

Ti Leggett leggett at ci.uchicago.edu
Mon May 2 17:04:58 GMT 2005

There are two main benefits to Kerberos authentication. The first is
that in a true Kerberos environment, no password is never sent across
the wire. The second, is that you get the holy grail of single sign on.

Your LDAP PDC should be able to make use of Kerberos though not in the
true sense. There is Kerberos support in Samba, but as I understand it,
it's only for interacting with a Microsoft AD server and not others.
What will happen is authentication requests will come to the PDC which
will then use the underlying mechanism (a.k.a. PAM) to authenticate a
user. This is how I understand it and I'll defer to those more
knowledgeable on the list if I'm wrong.

On Mon, 2005-05-02 at 09:51 -0700, Jim C. wrote:
> Hash: SHA1
> Just curious but what is so great about Kereberos authentication?  Would
> my LDAP PDC arrangement benefit?
> Jim C.
> Version: GnuPG v1.2.5 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> /2QLrrhjgisoJerB0RrOpmw=
> =SnGr

More information about the samba mailing list