[Samba] Kerberos authentication for non-windows KDCs
Jeremy Allison
jra at samba.org
Wed Mar 12 22:15:08 GMT 2008
On Wed, Mar 12, 2008 at 11:07:28PM +0100, Olivier Sessink wrote:
> Jeremy Allison wrote:
>
>> That's just not true. Many people are successfully using Samba3 to
>> authenticate
>> with tokens from MIT or Heimdal kerberos servers.
>> The problem is getting the Windows clients to *get* these tickets, not in
>> Samba interpreting them.
>
> Is 'getting' or 'using' the kerberos ticket the problem?
>
> One can install MIT kerberos on windows, and I suppose getting the tickets
> from an MIT KDC should be possible then, but will the cifs stack in windows
> actually use those tickets?
In this case - using. MS have a whitepaper on using Windows clients
with MIT kerberos, but you have to have stand-alone accounts on
individual machines - not domain accounts. It's completely useless
and non-scalable in the real world.
When they change this I'll start to believe the "interoperability"
line...
Jeremy.
More information about the samba
mailing list