[Samba] Samba - LDAP - Kerberos

Andrew Bartlett abartlet at samba.org
Thu Apr 5 09:39:21 GMT 2007

On Wed, 2007-04-04 at 15:18 +0200, Jörg Herzinger wrote:
> > The other option is the smbk5pwd module for openldap, and setting 'ldap password sync = yes'.  I've not used it > myself, but I'm told it works.
> Hmm, thanks, but this module is just a dirty trick in my eyes and it
> works just for Heimdal Kerberos but I use MIT-Kerberos. I almost can't
> believe that samba supports no other way of authenticating local users
> than its own database.

Like Kerberos, Samba needs the password-equivilant values, or some other
process that will perform the same calculations on them (like a DC for a
member server).  There isn't any way around that.  Interestingly Heimdal
0.8 includes code to do this in the KDC (we don't have a client for this
yet, but it is a very interesting move).  

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20070405/3a36ab16/attachment.bin

More information about the samba mailing list