[Samba] What is good about kereberos auth?

José M. Fandiño samba at fadesa.es
Wed May 4 11:26:45 GMT 2005

Hello Ti,

Ti Leggett wrote:
> There are two main benefits to Kerberos authentication. The first is
> that in a true Kerberos environment, no password is never sent across
> the wire. The second, is that you get the holy grail of single sign on.
> Your LDAP PDC should be able to make use of Kerberos though not in the
> true sense. There is Kerberos support in Samba, but as I understand it,
> it's only for interacting with a Microsoft AD server and not others.
> What will happen is authentication requests will come to the PDC which
> will then use the underlying mechanism (a.k.a. PAM) to authenticate a
> user. This is how I understand it and I'll defer to those more
> knowledgeable on the list if I'm wrong.

then...,  there isn't any benefit associated with kerberos in a pure
samba environment with a ldap(+tsl) backend? 

I was thinking about SSO and native kerberos logins but from this
comment I must understand that it ins't possible?

Thank you.
Version: 3.1
GCS/IT d- s+:+() a31 C+++ UBL+++$ P+ L+++ E--- W++ N+ o++ K- w---
O+ M+ V- PS+ PE+ Y++ PGP+>+++ t+ 5 X+$ R- tv-- b+++ DI D++>+++
G++ e- h+(++) !r !z

More information about the samba mailing list