[Samba] Kerberos authentication for non-windows KDCs

Jeremy Allison jra at samba.org
Wed Mar 12 22:15:08 GMT 2008


On Wed, Mar 12, 2008 at 11:07:28PM +0100, Olivier Sessink wrote:
> Jeremy Allison wrote:
>
>> That's just not true. Many people are successfully using Samba3 to 
>> authenticate
>> with tokens from MIT or Heimdal kerberos servers.
>> The problem is getting the Windows clients to *get* these tickets, not in
>> Samba interpreting them.
>
> Is 'getting' or 'using' the kerberos ticket the problem?
>
> One can install MIT kerberos on windows, and I suppose getting the tickets 
> from an MIT KDC should be possible then, but will the cifs stack in windows 
> actually use those tickets?

In this case - using. MS have a whitepaper on using Windows clients
with MIT kerberos, but you have to have stand-alone accounts on
individual machines - not domain accounts. It's completely useless
and non-scalable in the real world.

When they change this I'll start to believe the "interoperability"
line...

Jeremy.


More information about the samba mailing list