[Samba] Re: smbclient kerberos issue
Gerald (Jerry) Carter
jerry at samba.org
Sat Oct 4 18:45:39 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ryan Bair wrote:
> This seems to be related to this entry on the list in 2004-2005. As
> far as I see, the issue was never fixed. This is a pretty big issue if
> it is indeed the same bug as it effectively stops *nix clients from
> using Kerberos authentication.
>
> http://lists.samba.org/archive/samba-technical/2005-April/040338.html
>
> I will try to work around using "setspn -A host/fqdn computer". Will
> "net ads keytab create" pull all the SPNs available for the client or
> is it set only do load the default ones?
We don't add cifs/... entries to the system keytab anymore.
If I understand you correctly, you are using smbclient to connect
from one Unix box to a Samba server. Correct? If so, smbd
validates the service ticket using the machine trust account
password stored in secrets.tdb so the keytab entries don't
generally come into play.
The keytab is provided to support non-Samba kerberized applications
such as sshd.
cheers, jerry
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFI57nTIR7qMdg1EfYRAuKPAJ9Z9bP0QJchsYJ6laQJODFAgu2vQwCg3F1+
LjrMmz7trKtLBdsEOvzK8ww=
=jy1l
-----END PGP SIGNATURE-----
More information about the samba
mailing list