On Sat, 2003-03-22 at 09:13, Luke Howard wrote: > > >Yes. This is a problem. In the past I have favored a 'krb5 keytab > >write' option that would write our password out into the standard > >keytab, but there were good reasons not to. The problem is, I can't > >remember what they were. Mostly 'if somebody changed our password under > >us' stuff. > > Hmm, why would this be a problem? (I mean, I can understand it would be > a problem if it happened while SAMBA was running, but keytabs tend to be > fairly static...)
Yes - I think the benefit (getting real kerberos authentication working on unix in ADS) outweighs the 'risk' here. Now, all somebody needs to do is write up the patch or dig one up that's already done... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
