On Fri, 2003-09-05 at 19:49, C.Lee Taylor wrote: > Greetings ... > > Have a question, was is the advantages of use pam_winbind verses > pam_krb5 for Samba user authentaction? > > I mean, if I point my Linux box Kerberos to a Win2003 AD server, I > am able to authenticate my users out of AD, but at the moment still > having problems with winbind and nsswitch. > > Is there an advantage to using pam_winbind instead of pam_krb5?
The main one is that pam_winbind should be harder to spoof the server for. Particularly with Samba 3.0, and 'client schannel = yes' set. But with the work being done to export a 'normal' kerberos keytab, this should again become a matter of 'how do you want to run your system'. (Because then you can tell pam_krb5 to check the tickets validity for you). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
