Machine account password interoperablity for Samba 3.0
secrets.tdb and keytabs
Andrew Bartlett
abartlet at samba.org
Tue Mar 25 12:11:47 GMT 2003
On Tue, 2003-03-25 at 22:55, Luke Howard wrote:
>
> >I agree that if Samba is changing the password for a particular kerberos
> >principal, then it should store the hashes in the keytab.
> >
> >The idea of *finally* getting kerberos useful on real sites is just too
> >appealing :-)
> >
> >Naturally, the original plaintext password should stay basically where
> >it is.
>
> In that case, perhaps it *is* better just to provide a get/set command line
> tool for the secret store rather than trying to hook the keytab into SAMBA
> per se.
Well, I think we should provide both, but if Samba just changed the
password for a principal, I see no harm in setting the password into the
keytab, when selected by the admin.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030325/8c393ebf/attachment.bin
More information about the samba-technical
mailing list