[Samba] nslcd: kerberos vs. simple bind

Marc Muehlfeld samba at marc-muehlfeld.de
Wed Aug 28 10:37:51 MDT 2013


I took this out of the "OpenSSH auth in SAMBA4 LDAP" thread, because it 
was drifting away from its original question :-)

I played a bit with nslcd and Kerberos this afternoon for extending my 
Wiki HowTo. But the more I read, the bigger one question becomes: 
What are the advantages of Kerberos over simple bind with DN and 

Simple bind method: Create a user, add the credentials to the root-only 
readable file nslcd.conf. Done.

Kerberos: Create a user, add an SPN, extract the keytab, edit nslcd.conf (ok, 
this is all done only once). But then, if I understand it right, I need 
something that renews the Kerberos ticket from time to time. In your 
blog you use k5start for that. Also, Fedora 19 and RHEL6 don't have it 
in their repositories. So something more to compile and to ensure 
that it starts and runs. :-)

So currently I don't see what the advantages of Kerberos are and in 
which way it should be easier or anything else. :-)

Maybe someone can give me (Kerberos beginner) some answers/hints. :-)
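
The two setups compared in the message above, as an added example that is not part of the original post: a small Python audit that reads an nslcd.conf, reports which bind method it uses, and flags a stored bindpw when the file is accessible beyond root. The host names, DNs, password placeholder and ticket cache path are constructed sample values; `audit` and `parse_options` are hypothetical helper names.

```python
import stat

# Constructed sample configs (placeholders, not taken from the post).
SIMPLE_BIND = """\
uri ldap://dc1.example.com
base dc=example,dc=com
binddn cn=nslcd-service,cn=Users,dc=example,dc=com
bindpw PLACEHOLDER-PASSWORD
"""

KERBEROS_BIND = """\
# No password in this file; the secret lives in a separate keytab.
uri ldap://dc1.example.com
base dc=example,dc=com
sasl_mech GSSAPI
krb5_ccname /tmp/nslcd.tkt
"""


def parse_options(text):
    """Return {option: value} for the non-comment lines of an nslcd.conf."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def audit(text, mode):
    """Return (bind_method, findings) for config text and its file mode bits."""
    opts = parse_options(text)
    findings = []
    if opts.get("sasl_mech", "").upper() == "GSSAPI":
        method = "kerberos"
    elif "binddn" in opts:
        method = "simple"
    else:
        method = "anonymous"
    if "bindpw" in opts:
        if method == "kerberos":
            findings.append("bindpw still present although GSSAPI is configured")
        # The post relies on the file being readable by root only.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("bindpw stored in a file accessible to group/other")
    return method, findings
```

On a real host the mode would come from `stat.S_IMODE(os.stat(path).st_mode)`; distributions that ship the file group-readable for the nslcd group will be flagged under this strict root-only reading.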

