[Samba] Minimum footprint for authenticating CIFS shares with Kerberos

Dorian Taylor (Lists) lists at doriantaylor.com
Mon Jan 25 02:35:37 UTC 2021

> On Jan 22, 2021, at 12:55 PM, Jeremy Allison via samba <samba at lists.samba.org> wrote:
> On Fri, Jan 22, 2021 at 08:43:58PM +0000, Rowland penny via samba wrote:
>> On 22/01/2021 20:23, Dorian Taylor (Lists) wrote:
>>> Perhaps the question I should have asked is “how closely-coupled is using Kerberos to authenticate to a Samba share to the whole AD ball of wax?“, but it looks like the answer is “It’s all or nothing, baby.”
>> You could consider a Unix domain member instead.
> Doh ! Yep, what Rowland said (thanks Rowland :-). "Member Server"
> is for joining an existing AD-domain, "Unix domain member" is
> for using an existing krb5 infrastructure.

Ah. Nice. I figured since AD yokes together a bunch of protocols, they can’t *all* be necessary just to get file shares authenticating with Kerberos.


Dorian Taylor
Make things. Make sense.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.samba.org/pipermail/samba/attachments/20210124/548b4eb2/signature.sig>

More information about the samba mailing list