Domain Join w/ SChannel GSS-API Kerberos for JCIFS
Michael B Allen
mba2000 at ioplex.com
Tue Nov 16 00:03:04 GMT 2004
Andrew Bartlett said:
>> Or do I do SessionSetupAndX extended security with just the data in the
>> Kerberos ticket/blob/PAC?
>
> Correct. This is one of the things that makes Kerberos such a useful
> system. All you need is the service key.
Okay this is clearer now.
But back to my use-case -- once I get the ticket, with whom do I do
extended security negotiation to looking up a user's membership? The DC or
KDC?
Do I still want to do SamrLookupNamesInDomain et al or should I be doing
LDAP to Active Directory?
Mike
More information about the samba-technical
mailing list