[Samba] Your advices regarding authentication methods compatible with S4
Andrew Bartlett
abartlet at samba.org
Mon Mar 19 03:36:12 UTC 2018
On Mon, 2018-03-19 at 11:55 +1300, Garming Sam via samba wrote:
> Hi,
>
> Maybe this page might be helpful. I don't know how up to date it is, but
> the expectation seems to be that it should be able to work with
> alternative forms of authentication (with Kerberos PKINIT).
>
> https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login
Yeah, I think something that presents as smart card login is likely to
be the best bet. Smart cards are a pain, but could certainly help with
the speed (compared with long complex passwords).
The PKINIT stuff is meant to work, certainly worth a play in the lab.
The main thing I would want to check on is revocation of the
certificates (for when a badge is lost/stolen). We may need to work
on that to use some kind of online check or to get Heimdal to re-load
the Certificate Revocation list if it doesn't already.
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list