On Thu, May 23, 2002 at 11:17:41AM +0200, Toens Bueker wrote: > in order to make an easy migration from SMB-based fileservers to an > OpenAFS-filesystem (in order to support various branch offices), I'd like to > setup Samba as a gateway to OpenAFS.
> For unknown reasons documentation on this topic is a little thin. Furthermore > the AFS-patches for Samba seem to be a little out of date (they don't even > mention OpenAFS). > I'm sure, that there are several people, who have accomplished to build such a > gateway. The primary reason why existing AFS+Samba stuff is so out-of-date is that AFS security is quite incompatible with the password hashes used when 'encrypted passwords = yes' is enabled, as must be the case for Samba to work with all stock Windows clients since about 1997. This leaves people wanting to implement Samba AFS gateways with three choices: - Create a gateway that only works with public, anonymous AFS resources. - Create a gateway that allows authenticated access to the wonderful world of secure AFS, but does so by sending plaintext passwords across the network from the Windows client to the Samba server. - (New option) Do a whole lot of work to integrate AFS with a Kerberos realm that uses the same type of encryption as NT, à la Active Directory. Apparently, the AFS community hasn't been keen enough on any of these options for anyone to be motivated to implement an open solution. Steve Langasek postmodern programmer
msg00950/pgp00000.pgp
Description: PGP signature