[Samba] What is good about kereberos auth?
Ti Leggett
leggett at ci.uchicago.edu
Mon May 2 17:04:58 GMT 2005
There are two main benefits to Kerberos authentication. The first is
that in a true Kerberos environment, no password is never sent across
the wire. The second, is that you get the holy grail of single sign on.
Your LDAP PDC should be able to make use of Kerberos though not in the
true sense. There is Kerberos support in Samba, but as I understand it,
it's only for interacting with a Microsoft AD server and not others.
What will happen is authentication requests will come to the PDC which
will then use the underlying mechanism (a.k.a. PAM) to authenticate a
user. This is how I understand it and I'll defer to those more
knowledgeable on the list if I'm wrong.
On Mon, 2005-05-02 at 09:51 -0700, Jim C. wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Just curious but what is so great about Kereberos authentication? Would
> my LDAP PDC arrangement benefit?
>
>
> Jim C.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFCdlqCB4AhF6wVFMERAvA2AJ9ZLZlQp8cWSHWdJRu7C3ZZO9+9KwCgmZKT
> /2QLrrhjgisoJerB0RrOpmw=
> =SnGr
> -----END PGP SIGNATURE-----
>
More information about the samba
mailing list