Quoting Jaap Winius <[email protected]>:
Quoting [email protected]:
You might be able to use pgina which is a windows login screen replacement.
There was someone working on a kerberos plugin for it. I am not
sure how far they got. (I haven't tried the 2.x series) I do know I
had openldap (with failover) working with it via a sasl-pam mech.
I didn't get the kerberos plugin working but that was in the 1.6.x
or 1.8.x series. ) ...
Here is what I found for the pgina krb5 plugin:
http://pages.cs.wisc.edu/~timc/pgina/
Although it would not be as ideal as Samba4 with a working AD domain
controller, pGina sounds like a great alternative. However, since
I'm using Windows XP only, that means I would still be restricted to
the last version of pGina 1.x: v1.8.8 from December the 6th, 2006.
See these pGina pages:
http://www.pgina.org/index.php/Main_Page
http://www.pgina.org/index.php/PGina_1.x_Downloads
In addition, judging from the contents of the link you supplied,
timc meant his plugin to work with pGina 2.x, and he hasn't updated
his plugin since October the 6th, 2008.
Therefore, I'm going to conclude that pGina v1.8.8 does not support
Kerberos out of the box, or else timc would not have bothered, and
that his plugin will not work with it either, just as you discovered
for yourself earlier. Pity.
I didn't get to spend a lot of time on it, by the time I got to try
it, they had already killed the project. IIRC I never even got a krb5
ticket with the mit kfw 3.2.2.
Thanks anyway, though. If, in lieu of Samba4, a Vista machine, or a
more modern Windows client, appears on any of my
Kerberos/OpenLDAP/OpenAFS networks, then I will certainly remember
to give your solution a try!
Samba4 says it already supports 'Active Directory' logon and
administration protocols. Since they started with auth, I am guessing
that part is fairly stable. The whole suite for sure isn't production
ready.
If you do try it, grab it out of the git repo, they have a tendency
not to push out release tarballs and not to update the documentation. :)
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
