>I agree that if Samba is changing the password for a particular kerberos >principal, then it should store the hashes in the keytab. > >The idea of *finally* getting kerberos useful on real sites is just too >appealing :-) > >Naturally, the original plaintext password should stay basically where >it is.
In that case, perhaps it *is* better just to provide a get/set command line tool for the secret store rather than trying to hook the keytab into SAMBA per se. -- Luke -- Luke Howard | PADL Software Pty Ltd | www.padl.com
