On Tue, 2003-03-25 at 22:36, Luke Howard wrote: > > >I really don't think that putting keytab code in to Samba is the right answer. > >Do you really want to be in charge of modifying keytabs? This could get > >quite complicate -- especially when you multiply the effort by the number of > >possible encryption types... > > I don't think it's that complicated. It is not difficult to enumerate the > supported encryption types. Moreover, there's no requirement that SAMBA use > the same keytab as other applications, or that keytab support completely > replace the secret store.
I agree that if Samba is changing the password for a particular kerberos principal, then it should store the hashes in the keytab. The idea of *finally* getting kerberos useful on real sites is just too appealing :-) Naturally, the original plaintext password should stay basically where it is. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part