Tibor Pittich wrote:
> On 05 June 2003, 15:31, Buchan Milne wrote:
>
>
>>Without kerberos support, you can't join an active directory domain
>>(which we want to be able to do with winbind in 9.2 if samba3 is final).
>
>
> hm, interesting.. are you sure,

Yes, you can't use 'net ads join' if you don't compile with ads support,
which checks for krb5 libs.

I have made provision for people to compile samba3 without it ('rpm
--rebuild samba3*.src.rpm --with options' will show you how), but at
present there are two reasons to use samba3, one is AD support, the
other is better LDAP support for samba domain controllers.

> that this is not only optional? i don't
> know much about samba and active directory protocol, then this is only
> lame question :)
>

Windows 2000 by default uses kerberos, and requires it from clients. At
present, to allow winbind/samba to participate in a Windows 2000 domain,
you need to make a change on the domain controller and reboot it. Many
Windows admins won't be prepared to change this setting, and so linux is
not welcome in their networks at present (until samba3).

>
>>There are ftp servers and clients that support pam in main, telnet
>>servers are evil, with or without kerberos support.
>
>
> we can say, that kerberos is evil too... kerberos uses old authorization
> mechanism and design which is not too optional..
>

But it's better than clear text, and when using SASL it's better than
anything else AFAIK (or have you got something better than LDAPv3 for
network-wide authentication?).

> .. and someone want have evil @home ;)

IMHO, a good ssh setup is less effort, and more desirable (cvs, winscp
etc etc). And telnet is really the only protocol that has not been
secured to some extent (pop3s, imaps, TLS for ldap, ldaps, https) that
needs authentication (a lot of ftp use is anonymous anyway), and has a
good alternative.

OK, so make a telnet-server package (if there isn't one).

BTW, IMHO we should rather work on getting kerberos support improved in
Mandrake (unless I am missing something that telnet with cleartext
passwords is more secure than telnet with kerberos?).

Buchan

--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7