Re: Machine account password interoperability for Samba 3.0 secrets.tdb and keytabs

2003-03-25 Thread Luke Howard
I really don't think that putting keytab code into Samba is the right answer. Do you really want to be in charge of modifying keytabs? This could get quite complicated -- especially when you multiply the effort by the number of possible encryption types... I don't think it's that

Re: Machine account password interoperability for Samba 3.0 secrets.tdb and keytabs

2003-03-25 Thread Andrew Bartlett
On Tue, 2003-03-25 at 22:36, Luke Howard wrote: I really don't think that putting keytab code into Samba is the right answer. Do you really want to be in charge of modifying keytabs? This could get quite complicated -- especially when you multiply the effort by the number of possible

Re: Machine account password interoperability for Samba 3.0 secrets.tdb and keytabs

2003-03-25 Thread Luke Howard
I agree that if Samba is changing the password for a particular kerberos principal, then it should store the hashes in the keytab. The idea of *finally* getting kerberos useful on real sites is just too appealing :-) Naturally, the original plaintext password should stay basically where it

Re: Machine account password interoperability for Samba 3.0 secrets.tdb and keytabs

2003-03-25 Thread Andrew Bartlett
On Tue, 2003-03-25 at 22:55, Luke Howard wrote: I agree that if Samba is changing the password for a particular kerberos principal, then it should store the hashes in the keytab. The idea of *finally* getting kerberos useful on real sites is just too appealing :-) Naturally, the

Re: Machine account password interoperability for Samba 3.0 secrets.tdb and keytabs

2003-03-24 Thread Matt Peterson
I really don't think that putting keytab code into Samba is the right answer. Do you really want to be in charge of modifying keytabs? This could get quite complicated -- especially when you multiply the effort by the number of possible encryption types... On Friday 21 March 2003 04:14 pm,

Re: Machine account password interoperability for Samba 3.0 secrets.tdb and keytabs

2003-03-21 Thread Andrew Bartlett
On Sat, 2003-03-22 at 06:15, Matt Peterson wrote: Hi, In situations where people are operating in a kerberized environment where Win2k is the KDC, machine objects will have already been created for machines that are participating in the kerberos realm. Am I wrong in thinking that

Re: Machine account password interoperability for Samba 3.0 secrets.tdb and keytabs

2003-03-21 Thread Luke Howard
Yes. This is a problem. In the past I have favored a 'krb5 keytab write' option that would write our password out into the standard keytab, but there were good reasons not to. The problem is, I can't remember what they were. Mostly 'if somebody changed our password under us' stuff. Hmm, why

Re: Machine account password interoperability for Samba 3.0 secrets.tdb and keytabs

2003-03-21 Thread Matt Peterson
Andrew, On Friday 21 March 2003 03:12 pm, Andrew Bartlett wrote: On Sat, 2003-03-22 at 06:15, Matt Peterson wrote: Hi, In situations where people are operating in a kerberized environment where Win2k is the KDC, machine objects will have already been created for machines that are

Re: Machine account password interoperability for Samba 3.0 secrets.tdb and keytabs

2003-03-21 Thread Andrew Bartlett
On Sat, 2003-03-22 at 09:13, Luke Howard wrote: Yes. This is a problem. In the past I have favored a 'krb5 keytab write' option that would write our password out into the standard keytab, but there were good reasons not to. The problem is, I can't remember what they were. Mostly 'if