Sensei wrote:
| On Sat, 2004-04-10 at 16:07, Andrew Bartlett wrote:
|
|>Samba cannot use the kerberos tickets directly - not unless the KDC is
|>Active Directory (for now). But it is possible for Samba to use the
|>same password store. (For NTLM, but not kerberos passwords)
|>
|>What is your KDC? MIT or Heimdal? Are you using the Heimdal LDAP backend?
|
| MIT K5. The passwords are stored only in the kerberos database.
|
|>While the work is still new, there is support in Heimdal to read Samba
|>password entries in LDAP. There is also an OpenLDAP plugin to set
|>both Samba and Kerberos passwords on password change.
|>
|>You would need to manually edit your LDAP database, to expose the
|>passwords in 'Samba' format - potentially a dump and restore of the
|>Heimdal entries might do it, if the sambaSamAccount objectClass was
|>added, and you used a current snapshot.
|
| It would be nice to have just kerberos passwords. I've done this with
| ldap (sasl gssapi authentication via k5) and afs (tokens are released on
| ticket releasing).
|
| The main issue is the integrated windows login: a student must login,
| gain tickets and token, and have his windows home dir set to what ldap
| shows him: this means that afs must be enabled at boot.
|
| How would you do this? I don't have any clues...
|

I see a different solution here: the user authenticates to a Samba-controlled domain, and because Samba has the Kerberos password (= NTPassword hash) it could impersonate the user, acting to the AFS/Coda cell on behalf of her/him. In this way Samba could become a gateway between Windows clients and AFS/Coda servers. Unfortunately, I don't know how that could be implemented.

Cheers,
Geza
