On Fri, 2003-09-26 at 02:43, Steve Smtih wrote: > pam_winbind expects "DOAMIN\name" for authentication, > but pam_kerberos expects just "name". Is there a trick > to stack them such that the pam_winbind modules are > used for account information, but the kerberos modules > do the authentication (with the result being that the > user has a tgt after login).
Given that the mapping from 'short' to 'long' domain names is pretty much a windows thing (DOMAIN\name is [EMAIL PROTECTED]), and the fact that people will expect NT4 trusted domains to still work, I think that one option is to extend pam_winbind to handle this. But that's all about writing new code - for existing options, for a single domain, you might want to look at setting 'winbind use default domain = yes' in your smb.conf. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba