[Samba] Minimum footprint for authenticating CIFS shares with Kerberos
Dorian Taylor (Lists)
lists at doriantaylor.com
Mon Jan 25 02:35:37 UTC 2021
> On Jan 22, 2021, at 12:55 PM, Jeremy Allison via samba <samba at lists.samba.org> wrote:
> On Fri, Jan 22, 2021 at 08:43:58PM +0000, Rowland penny via samba wrote:
>> On 22/01/2021 20:23, Dorian Taylor (Lists) wrote:
>>> Perhaps the question I should have asked is “how closely-coupled is using Kerberos to authenticate to a Samba share to the whole AD ball of wax?“, but it looks like the answer is “It’s all or nothing, baby.”
>> You could consider a Unix domain member instead.
> Doh ! Yep, what Rowland said (thanks Rowland :-). "Member Server"
> is for joining an existing AD-domain, "Unix domain member" is
> for using an existing krb5 infrastructure.
Ah. Nice. I figured since AD yokes together a bunch of protocols, they can’t *all* be necessary just to get file shares authenticating with Kerberos.
Make things. Make sense.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 874 bytes
Desc: Message signed with OpenPGP
More information about the samba