[Samba] OTP authentication

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed Jan 14 07:49:24 MST 2015


If I were going to do this, I would probably try moving to a Windows 
200x AD domain controller, and implementing RSA SecurID on that 
machine.  I have not worked with other OTP solutions.

As far as I understand, if Samba is configured as a domain controller, 
it expects to be able to handle the authentication itself.

OTP is , in my opinion, most valuable when you are exposing resources to 
the Internet (e.g. a remote access solution, web-based corporate e-mail 
etc.)


On 01/13/15 17:24, the2nd wrote:
> I've read about using clear text passwords with samba. But i think 
>  technically it should be possible that samba hands over the 
> authentication to another component. If you join samba to a windows 
> domain it does exaclty this. If you joined a linux machine to a 
> Windows Domain you can use winbind and ntlm_auth to authenticate third 
> party Software like squid against the windows dc also with sso. I 
> would like to use it the other way. If it would be possible that samba 
> calls an external tool to do ntlm challenge response auth i could use 
> it with OTPme. :)
>
> -------- Ursprüngliche Nachricht --------
> Von: Gaiseric Vandal
> Datum:01.13.2015 22:57 (GMT+01:00)
> An: samba at lists.samba.org
> Betreff: Re: [Samba] OTP authentication
>
> On 01/13/15 16:21, the2nd at otpme.org wrote:
> > hi,
> >
> > i would like to ask if it would be possible to use samba with one time
> > passwords. i know there are commercial and OSS solutions to do this
> > (e.g. http://pgina.org/) but i would prefer to do it without any
> > software that needs to be installed on windows.
> >
> > would this technically be possible or is this already possible?
> >
> > regards
> > the2nd
>
>
> Samba at one point allowed you to use pam authentication. Which
> makes me think that you could then use it with the the RSA securid
> client software (or radius modules) to talk back to a RSA SecurID
> server.    It would require unencrypted passwords which would then add a
> new security risk.
>
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



More information about the samba mailing list