[Samba] Samba + Kerberos ONLY NO AD

Andrew Bartlett abartlet at samba.org
Thu Mar 13 02:58:31 GMT 2008


On Sun, 2008-03-09 at 23:31 +0530, Sadique Puthen wrote:
> gerryw at compvia.com wrote:
> > Hello All,
> >
> > I am trying to figure out how to configure Samba to use Kerberos for 
> > authentication. I have found many how-tos and many posts on integrating 
> > Samba with AD. This is not what I need to do. I want to eliminate AD. I 
> > have seen several posts by others who want to do the same thing, but they 
> > are either answered with something about AD or not at all. Is there a way 
> > to make Samba just use plain Kerberos for authentication?
> >   
> 
> What you mean by plain kerberos for authentication? You can use pam_krb5 
> for kerberos authentication and there is no need to use samba in any way 
> for this to work. If I have understood ur question wrongly, please 
> correct me.

To use pam_krb5 you must be running plaintext passwords over the
network, which as well as being insecure, is also buggy, due to be an
almost completely untested code-path on the clients.   Just don't do
it...

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20080313/58526161/attachment.bin


More information about the samba mailing list