In a message dated: Tue, 24 Feb 2004 07:52:28 +1100 Andrew Bartlett said: >Getting windows clients to talk to MIT krb5 is possible, but my >understanding is that you loose most of the benifits of NT domain >intergration. (You end up maintaining a lot of local accounts).
Hmmm, that's exactly what I'm trying to avoid. We don't currently have an NT domain, so I'm not exactly clear on what benefits I'd be missing other than the accounts thing. But, if we're just talking about getting Win clients to auth against MIT K5, do I even need Samba? >I've done some work on the reverse. We have an NT password database >(samba's passdb backend) and we can use that same database to become a >kerberos server. So, are you saying that both k5 and samba would look at the same database for authentication? i.e. passdb points to LDAP, as does k5? >I know it's not really what you were looking for, but here is my posting >to the samba-technical list: >http://marc.theaimsgroup.com/?l=3Dsamba-technical&m=3D107748396331431&w=3D2 Thanks, it's not what I was looking for, but it might be the best way to go. >At the very least, what I have done here makes Heimdal's LDAP backend >function again. Does MIT's k5 have an LDAP backend option? (I'm actually very new to k5, so I'm getting my feet wet in all sorts of interesting ways lately :) Thanks, -- Seeya, Paul GPG Key fingerprint = 1660 FECC 5D21 D286 F853 E808 BB07 9239 53F1 28EE If you're not having fun, you're not doing it right! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
