The University of Michigan implemented a Network Provider module that interfaces with a kerberized "rendezvous" daemon that runs on each samba server. The idea is this:
Let the client obtain it's own AFS token, connect to the rendezvous daemon, supply the token, receive a random "cookie" to be used as a password, close connection to rendezvous and continue with the SMB connection to the samba server replacing the user's *real* password (or NTLM hash) with the cookie (or hash of cookie) that was obtained. The connection with the rendezvous daemon uses kerberos session keys for encryption (thus requiring a Kerberos client to be available to the Network Provider -- I'm working on using MIT KfW for that). When the samba server receives the connection attempt, it looks in the rendezvous file, for the token to use (based on cookie given, IP address, username, etc...). If a match is found, the corresponding token is set in the kernel (via pioctl()) and your on your way... It does take a little development on the Win32 side to get the Network Provider, but the concept seems sound to me and worth investigating if you have some time to develop. UMICH's work can be found here: http://rsug.itd.umich.edu/software/ksamba.html -- kevin /------------------------------------\ | Kevin Rowland | | Sr. Systems Engineer | | Office of Information Technology | | University of Notre Dame | \------------------------------------/ "Tompkins, Joel L" wrote: > > Can anyone out there tell me if there is any kind of SAMBA - AFS > bridge?? (apologies to Charles Clancy for the mis-send) > > Joel Tompkins > Senior Information Systems Engineer > Boise Cascade Corporation > 208-384-6415 > [EMAIL PROTECTED] > > _______________________________________________ > OpenAFS-info mailing list > [EMAIL PROTECTED] > https://lists.openafs.org/mailman/listinfo/openafs-info -- _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
