Samba to maintain Kerberos library configuration
Stefan (metze) Metzmacher
metze at samba.org
Fri Aug 21 08:53:50 MDT 2009
Ondrej Valousek schrieb:
>
>> pam_winbind should still work in case Kerberos doesn't. And
>> there's a suprising number of ways to break Kerberos.
>>
>>
> Well, true, BUT - winbind eventually use Kerberos anyway to authenticate
> the user with AD, right? So samba should be able to configure the
> Kerberos library (possibly at the "net ads join" stage).
> Moreover, if you want to use common things like single sign on via ssh,
> pam_winbind won't help you a single bit - with a working Kerberos
> library and valid TGT ticket (provided by pam_krb5) this is no problem
> at all.....
The winbind_krb5_locator plugin configures the krb5 libraries with
information from winbind.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090821/897f19da/attachment.pgp>
More information about the samba-technical
mailing list