[Samba] nslcd: kerberos vs. simple bind

Fernando Lozano fernando at lozano.eti.br
Wed Aug 28 12:27:29 MDT 2013

>> Simple bind method: Create a user, add the credentials to the root only
>> readable file nslcd.conf. Done
>> Kerberos: Create user, add a SPN, extract keytab, edit nslcd.conf (ok.
>> This is all done only once.). But then, if I understand it right, I need
>> something that renews the kerberos ticket from time to time.
>> So currently I don't see what are the advantages of Kerberos and in
>> which way it should be easier or anything else. :-)
> If you're happy with plain text passwords being passed over the network
> then use them. There may be some admins that will not be able to do that
> though, so. . .

If this were the only kerberos advantage, we'd all be using LDAP with 
TLS to secure passwords on the wire.

[]s, Fernando Lozano

More information about the samba mailing list