[Samba] NT_STATUS_NETWORK_SESSION_EXPIRED Domain member
Rowland Penny
rpenny at samba.org
Mon Dec 17 16:23:48 UTC 2018
On Mon, 17 Dec 2018 16:54:03 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
> Ok, but then, with the setting, `kerberos method = secrets and
> keytab` it's only more confusing.
>
> A small re-cap.
> secrets only - use only the secrets.tdb for ticket verification
> (default)
> - this is clear how it's used.
>
> system keytab - use only the system keytab for ticket
> verification
> - this description here might be better off with something like this.
> system keytab - use only the system (in memory) keytab for ticket
> verification.
>
> dedicated keytab - use a dedicated keytab for ticket verification
> (preferred the OS default)
> - ( for debian/ubuntu /etc/krb5.keytab )
Yes, apart from mentioning any OS defaults, that's the OS's job ;-)
>
> secrets and keytab - use the secrets.tdb first, then the system (in
> memory) keytab. But now I can't explain the mix of `dedicated keytab`
> and `secrets and keytab` anymore.
>
> Here : secrets and keytab
> Keytab points to in-memory and/or file keytab??, at least that's how
> I thought it did work.
From my understanding (which may be limited) it might be better as
'secrets and keytabs' i.e. try everything.
>
> >
> > > kerberos method = dedicated keytab
> > > can be : AnyPath/to/keytabfile.
> > > kerberos method = secrets and keytab - use the secrets.tdb first,
> > > then the system keytab
> > >
> > > I think we should define "system keytab" a bit better in smb.conf.
> >
> > You are probably right Louis, want to make this your first patch as
> > a Samba team member ?
> Well that's maybe a bit too early.. ;-) learn about GitLab more
> first. And if it happens, you'll be the first to review my typos. :-))
OK, I will introduce more typos ;-)
>
> >
> > >
> > > So yeah, you might say, `kerberos method = secrets and keytab`
> > > should work fine without the setting :
> >
> > Yes it will, but anything else that needs an actual keytab won't.
>
> In this line "method = secrets and keytab"
> The word `keytab` refers to? Memory keytab or file, or both.
Both
>
> Because it looks like only memory but it does use
> the /etc/krb5.keytab also. So this is not correctly defined.. and
> since I'm not sure anymore how it uses the combination of the
> settings, I need to understand the combination better before I
> can describe it. Following that part of code is too hard for me.
Yes, it is a bit spaghetti like ;-)
From experience, things work that are not in krb5.keytab and things
that are in krb5.keytab work until the keytab is removed.
Rowland