[Samba] winbind require_membership_of not being checked with forwardable kerberos ticket
Andrew Bartlett
abartlet at samba.org
Thu Feb 11 01:55:33 UTC 2021
On Wed, 2021-02-10 at 20:28 -0500, Jason Keltz via samba wrote:
>
> I need winbind group membership check, but I also want to be able to
> support forwardable tickets. Is that somehow circumventing the check
> by
> winbind? and if so, how would I resolve that?
The winbind require_membership_of check is only made when locally
authenticating users, eg by the winbindd process getting the password
from pam_winbind.
See also https://bugzilla.samba.org/show_bug.cgi?id=14622
Sorry!
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
https://catalyst.net.nz/services/samba
More information about the samba
mailing list