Volker Lendecke wrote:
On Thu, Apr 03, 2008 at 01:34:30PM -0700, Wes Modes wrote:
The question and the challenge: Any leads on how I might convince Samba to pass the input password on to OpenLDAP so that OpenLDAP can authenticate it against Kerberos?

The only chance is that you modify each client's registry to
send plain text passwords to the server over the network,
downgrading your security to what telnet provided ages ago.
You can guess that this is ABSOLUTELY NOT recommended. If
you go with standard Windows authentication schemes, the
SMB server never sees the user's plain text password which
would be required to authenticate against Kerberos.

Volker
Yeah, I'm not so keen on sending plaintext passwords anywhere. It is already moderately-well documented how to connect Samba up to use Kerberos authentication. And my guess is that the Kerberos model would not allow passwords to be sent plaintext. More likely an encrypted hash gets passed? I don't know the precise mechanism, but would like to.

But beyond that, how could one use Samba to pass that encrypted password to LDAP to pass on to Kerberos to authenticate?

W.

--

Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
459-5208
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Reply via email to