Volker Lendecke wrote: > On Fri, Feb 03, 2006 at 10:08:31AM +0100, Horst Birthelmer wrote: >> ... and, Samba and AFS are as secure or unsecure as the admins make >> it. The question is how much work you would have to do, to make it >> secure, but that's completely beyond the point. > > The only real thing you can't get with SMB native is transport encryption. > Transport signing is there, you _can_ nail down auth to just krb (losing > functionality, but what can you do, you have windows clients). Everything else > is comparable. > > Volker
Many of the sites I am aware of use a Samba gateway to AFS not to support the Windows clients, they use it to support the MacOS X clients because there has yet to be a truly stable and Finder friendly version for MacOS X. These clients won't use Kerberos (and neither will standalone Windows systems) unless you push out some configuration data to join the machine to your domain/realm. Since you have to touch the boxes anyway, you might as well install an AFS client while you are at it. People talk about how bad the performance of AFS is. It is nowhere near as bad as the performance of SMB. You want your AFS client close to the user because that way the AFS Cache Manager will actually benefit your user. If the only contact with AFS is via Samba, you also have the problem that clients are unable to manage ACLs, check quota, create mount points, etc. since SMB/CIFS does not support those operations. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
