On Thu, 2003-01-09 at 08:40, Kenneth Stephen wrote:
>
> On Thu, 9 Jan 2003, Luke Howard wrote:
>
> > > My ultimate goal is to get access to a DFS (an IBM DCE
> > > application) filesystem on a Linux machine. I am dreaming of the following
> > > solution: (1) Samba server which understands Kerberos credentials and
> > > which serves up the DFS filesystem as a share (2) a Linux mount of the
> > > smbfs share and with the Linux server set up to understand Kerberos
> > > credentials. The question here would be if the smbfs client side would
> > > understand the Kerberos credentials of the user?
> >
> > I think you could do this using delegation.
> >
> Luke,
>
> I'm afraid you'll have to explain it a bit more. Searching the web
> for "samba" or "smbfs" in conjunction with "delegation" doesn't turn up
> anything but false positives. I assume you mean that I somehow have to get
> the authentication piece on the Linux client side for smbfs delegated to
> something else (the Samba server side? Isn't that the way things normally
> happen?).

If you were to connect to Samba using the CIFS VFS client (when it gets
Kerberos support) or smbmount from Samba 3.0 (slightly modified), you can
pass a Kerberos ticket to the server.

The server can be 'trusted for delegation' by the KDC, which means that it
can take the ticket passed from the client, and use it in the client's
place. (In this case to acquire access to DCE resources).

I'm not sure why you would want to do this however, when you could just
mount the DFS stuff onto Linux (I assume there is a client...).

This would be more interesting with Win2k clients doing Kerberos
authentication and getting access to previously unix-only resources.

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
