Robert Larson wrote:
> I have a system setup using OpenLDAP combined with Cyrus-SASL and Heimdal 
> kerberos.  I have tied samba into it, and will eventually setup samba-tng as 
> an authentication head for samba.  With samba, I may use NTLM authentication 
> to include more options for SSO.
Why do you need samba-tng?

> 
> The way my setup works is samba has access to use LDAP for accounting and 
> simple binds (over SSL/TLS).  Unfortunately, samba doesn't support kerberos 
> based authentication "(yet)".  
To be a bit more specific, samba(3) cannot hand tickets to windows
clients (yet) ;)

In this setup, the users sign on to their
> desktop, and the same login is used to access network shares without prompt 
> for another password (this happens by default on most windows desktops) using 
> NTLM.
So this is a normal windows domain with a samba PDC?

> 
> Various applications using SPEGNO/GSSAPI can provide autologin functionality 
> using this same login if we chose to implement something to that effect, but 
> that depends entirely on the applications we might use.  For example, IE and 
> Firefox support SPEGNO/GSSAPI, so enabled web applications may use this to 
> authenticate the client without additional credentials.  
As long as you don't get tickets for your (windows) clients, this is out
of scope.

cheers
 Paul

BTW: Does anyone know a site tracking security flaws for kernel 2.6 and
the relevant fixes?



-- 
[email protected] mailing list

Reply via email to