[Samba] Samba authentication against Linux-based Kerberos

Robert Markula robert.markula at gmx.net
Thu Sep 3 13:11:33 MDT 2009

David Markey wrote:
> Otherwise you could do some pam hackery, perhaps stacking pam_winbind and
> pam_krb5 for password changing. You would have to do this on all the nodes
> on your network. and for the windows side of things you could write a
> password change script, which would be called by samba on a password
> change.

Thanks David!
Heimdal Kerberos is - in our case - no solution, as we're using MIT
Kerberos. So it's either some "pam hackery" (in which case the
distribution of the changes would pose no problems as all of our nodes
are configured centrally via cfengine) or we'll leave it the way it is
(advising users to change their passwords twice). I'll have a look at it
and see if I've got the time to dig deeper into this topic.

If anybody has ever done such a thing - don't be shy and share your


More information about the samba mailing list