[Samba] Your advices regarding authentication methods compatible with S4

Andrew Bartlett abartlet at samba.org
Mon Mar 19 03:36:12 UTC 2018

On Mon, 2018-03-19 at 11:55 +1300, Garming Sam via samba wrote:
> Hi,
> Maybe this page might be helpful. I don't know how up to date it is, but
> the expectation seems to be that it should be able to work with
> alternative forms of authentication (with Kerberos PKINIT).
> https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login

Yeah, I think something that presents as smart card login is likely to
be the best bet.  Smart cards are a pain, but could certainly help with
the speed (compared with long complex passwords). 

The PKINIT stuff is meant to work, certainly worth a play in the lab. 
The main thing I would want to check on is revocation of the
certificates (for when a badge is lost/stolen).   We may need to work
on that to use some kind of online check or to get Heimdal to re-load
the Certificate Revocation list if it doesn't already. 

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   

More information about the samba mailing list