[Samba] Your advices regarding authentication methods compatible with S4
abartlet at samba.org
Mon Mar 19 03:36:12 UTC 2018
On Mon, 2018-03-19 at 11:55 +1300, Garming Sam via samba wrote:
> Maybe this page might be helpful. I don't know how up to date it is, but
> the expectation seems to be that it should be able to work with
> alternative forms of authentication (with Kerberos PKINIT).
Yeah, I think something that presents as smart card login is likely to
be the best bet. Smart cards are a pain, but could certainly help with
the speed (compared with long complex passwords).
The PKINIT stuff is meant to work, certainly worth a play in the lab.
The main thing I would want to check on is revocation of the
certificates (for when a badge is lost/stolen). We may need to work
on that to use some kind of online check or to get Heimdal to re-load
the Certificate Revocation list if it doesn't already.
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
More information about the samba