Robert Larson wrote: > I have a system setup using OpenLDAP combined with Cyrus-SASL and Heimdal > kerberos. I have tied samba into it, and will eventually setup samba-tng as > an authentication head for samba. With samba, I may use NTLM authentication > to include more options for SSO. Why do you need samba-tng?
> > The way my setup works is samba has access to use LDAP for accounting and > simple binds (over SSL/TLS). Unfortunately, samba doesn't support kerberos > based authentication "(yet)". To be a bit more specific, samba(3) cannot hand tickets to windows clients (yet) ;) In this setup, the users sign on to their > desktop, and the same login is used to access network shares without prompt > for another password (this happens by default on most windows desktops) using > NTLM. So this is a normal windows domain with a samba PDC? > > Various applications using SPEGNO/GSSAPI can provide autologin functionality > using this same login if we chose to implement something to that effect, but > that depends entirely on the applications we might use. For example, IE and > Firefox support SPEGNO/GSSAPI, so enabled web applications may use this to > authenticate the client without additional credentials. As long as you don't get tickets for your (windows) clients, this is out of scope. cheers Paul BTW: Does anyone know a site tracking security flaws for kernel 2.6 and the relevant fixes? -- [email protected] mailing list
