On Fri, 2003-01-03 at 10:50, Steve Langasek wrote: > Hi Kenneth, > > On Thu, Jan 02, 2003 at 03:38:47PM -0600, Kenneth Stephen wrote: > > > I am trying to understand the state of Samba using Kerberos > > authentication. I see from a search on the web that ADS support is now > > available in Samba, and presumably this uses an encrypted password > > communicated over the network rather than the behaviour that was > > previously available via the --with-krb5 flag. If so, would it not be a > > matter of implementation (as opposed to it being technically infeasible) > > to make sure that --with-krb5 now works with encrypted passwords? Can > > someone clue me in as to this please? > > ADS-style Kerberos support only works when both client and server are > Kerberos-aware, so such Kerberos "encrypted passwords" support would be > limited to Win2K and WinXP clients. This is a question of technical > feasibility, not of implementation. > > It appears that the --with-krb5 option is currently used in connection > with exactly this feature, and that the previous plaintext Kerberos > support has been dropped in 3.0.
It was dropped because that functionality is better implemented via pam_krb5. A patch to re-instate this functionality as an auth module will probably be accepted, if people really want it... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
