[Samba] Schema version 87 and windows Hello
Mason Schmitt
mason at ftlcomputing.com
Wed Sep 30 19:40:57 UTC 2020
On Wed, 30 Sep 2020 at 03:20, mailist <mailist at kaminot.xyz> wrote:
> I setup a test environment comporting of a windows 2016 evaluation
> server and a windows 10 eval too so you can tag along.
>
Thanks Vincent.
Concerning the provisioning for key trust it looks like the Enterprise
> Device Registration Service is the one doing most of the work, since
> there are litte if no documentation about it, I prefer on my side to
> focus on the day to day auth flow.
>
Makes sense to me.
It looks like the easiest to implement would be the certificate trust
> (
> https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning
> )
>
Yes, if you already have a CA, this looks to be the path that will have the
least amount of Samba development required. The key based auth would
require less infrastructure (no need for a CA), but then it would require
more changes to Samba.
> And it is probably very similar to a smart key process (if you can believe
> that the
>
> https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication
> is true)
>
That was my impression as well.
--
Mason
More information about the samba
mailing list