[Samba] Your advices regarding authentication methods compatible with S4
obilhaut at fondation-misericorde.fr
Mon Mar 19 11:01:12 UTC 2018
Hi Andrew, Hi Sam,
Many thanks for your quick replies, we already
worked on this doc page but due to the lack of smart card reader/writer,
we did not finished the setup. We'll buy some hadware and create a
testing S4 lab to finish this config.
What about biometry ? Is there a
way to store any biometrical information into the ldap backend ?
there by any chance any other third-party authentication method/tool
that we can plug on S4 ? We would be pleased to avoid using another
smart card if possible.
Le 2018-03-19 04:36,
Andrew Bartlett a écrit :
> On Mon, 2018-03-19 at 11:55 +1300, Garming
Sam via samba wrote:
>> Hi, Maybe this page might be helpful. I don't
know how up to date it is, but the expectation seems to be that it
should be able to work with alternative forms of authentication (with
Yeah, I think something that presents as smart card login is likely to
be the best bet. Smart cards are a pain, but could certainly help with
the speed (compared with long complex passwords).
> The PKINIT stuff
is meant to work, certainly worth a play in the lab.
> The main thing I
would want to check on is revocation of the
> certificates (for when a
badge is lost/stolen). We may need to work
> on that to use some kind of
online check or to get Heimdal to re-load
> the Certificate Revocation
list if it doesn't already.
> Andrew Bartlett
More information about the samba