Some notes on "Implement 'update keytab' for winbind and tools"

Andrew Bartlett abartlet at samba.org
Sun Jan 28 21:02:58 UTC 2024


On Wed, 2024-01-10 at 12:50 +0100, Stefan Metzmacher wrote:
> Hi Andrew,
> > For some reason this felt better as a mailing list post than just a
> > MR update.
> > I'm really sorry to give a chunky bit of feedback right as I go
> > on leave, I'm sure is quite frustrating and you will probably want
> > some clarification.
> > Sadly I hadn't been paying attention to
> > https://gitlab.com/samba-team/samba/-/merge_requests/1999
> > 
> > As Christmas is next week, I'll be stepping away from Samba mail
> > and GitLab.
> > I do trust metze to continue to give you good feedback if you want
> > to push this through while I've stepped away - please don't write me
> > down as blocking this - but I'm also keen to try and help get a good
> > 'update keytab for other things' solution for all of Samba, using
> > our keys or gMSA keys.
> 
> While this sounds very interesting we still need ways to export
> keytabs for our things like sshd, that also needs the 'host/' service
> principal.
> And at least my main goal with MR 1999 is that we no longer need to
> mess with 'kerberos method' and prevent winbindd from changing the
> password every week.

<snip>
> But the basic infrastructure for an admin to control how keytabs are
> updated is a clear win over the mess we currently have. My hope is
> also to remove quite some old code...

Thanks for writing back.  This sounds like a good and useful plan.
Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions

