Rowland Penny rpenny at samba.org
Mon Dec 17 15:08:24 UTC 2018

On Mon, 17 Dec 2018 15:38:02 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Hm,, 
> Good question Marco, now after re-reading it, i understand what you
> trying to say. How i did read it and understand it. 
> dedicated keytab file (G)
>    Specifies the absolute path to the kerberos keytab file when
> `kerberos method` is set to "dedicated keytab". When the kerberos
> method is in "dedicated keytab" mode, dedicated keytab file must be
> set to specify the location of the keytab file.
> So you options are
> 	kerberos method = secret only	( the default.)
>           so no changes in smb.conf by default.
>       kerberos method = system keytab
>         assumes the system default ( /etc/krb5.keytab )

Sorry, but no it doesn't ;-), the 'system keytab' is by default in

> kerberos method = dedicated keytab
>   can be : AnyPath/to/keytabfile.
> kerberos method = secrets and keytab - use the secrets.tdb first,
> then the system keytab
> I think we should define "system keytab" a bit beter in smb.conf.

You are probably right Louis, want to make this your first patch as a
Samba team member ?
> So yeah, you might say, `kerberos method = secrets and keytab` should
> work fine without the setting :

Yes it will, but anything else that needs an actual keytab wont.

> dedicated keytab file If thats not
> the case then we need 2 of these : kerberos method = secrets and
> keytab kerberos method = secrets and system-keytab kerberos method =
> secrets and dedicate-keytab
> What i think, but i cant see it in the code, maybe Rowland can tell
> this.

Just did ;-)

More information about the samba mailing list