I want to thank whoever mentioned KerbNet by Cygnus Solutions! Wowza!
I recommend that people check it out. It lets you implement Kerberos
under UNIX and NT, and have them work together (so you have one *unified*
security system that is used by both your NT and UNIX boxes).
It's at http://www.cygnus.com/product/kerbnet-index.html

It also does authentication *without* sending passwords over the network,
greatly enhancing security. And it also lets you open up DES encrypted
telnet, ftp and rlogin sessions. I am very impressed with the quality of
this package, and encourage those out there who are not familiar with
Kerberos to take a look at the package and see what it can do for you.
There's quite a learning curve if you are not familiar with Kerberos, but
I think it's worth it.

Now, I just got it running on my Debian/GNU Linux machine at home, and
partially set up on our Linux server at work. HERE'S THE BIG QUESTION:

Anyone know how to get *Samba* to work with Kerberos? Is there an easy,
painless way or will it require me doing open-heart surgery on the Samba
authentication source code? (Which I would be willing to do, *if* there
isn't anyone else out there who has already done it.)

Thanks!

--
Daniel Robbins
System Administrator
Department of OB/GYN
University of New Mexico
drobbins@obgyn.unm.edu

"IKnowMen;AndITellYouThatJesusChristIsNotAMan.
SuperficialMindsSeeAResemblanceBetweenChristAndTheFounders
OfEmpires,AndTheGodsOfOtherReligions.ThatResemblance
DoesNotExist...BetweenHimAndWhoeverElseInTheWorld
ThereIsNoPossibleTermOfComparison." --Napoleon

> Date: Sun, 7 Dec 1997 11:08:12 -0700
> From: Daniel Robbins <drobbins@obgyn.unm.edu>
> To: samba@samba.anu.edu.au
> Subject: Re: KerbNet!
> Message-ID: <19971207110812.30273@obgyn.unm.edu>

[snip]

> Now, I just got it running on my Debian/GNU Linux machine at home, and
> partially set up on our Linux server at work. HERE'S THE BIG QUESTION:
>
> Anyone know how to get *Samba* to work with Kerberos? Is there an easy,
> painless way or will it require me doing open-heart surgery on the Samba
> authentication source code? (Which I would be willing to do, *if* there
> isn't anyone else out there who has already done it.)
>
> Thanks!

[snip]

A friend of mine recently set up his RedHat Linux 4.2 boxes with Kerberos
authentication and he uses the Kerberos PAM modules to handle all his
authentication (including Samba). I am not familiar with Debian Linux so I
do not know if it supports PAM out of the box, but if so you may want to
look into that approach. If not, you may want to look at using a
distribution with PAM support, it's real slick =). I don't have any URLs
for PAM/Kerberos info handy, but if you have trouble finding it let me
know and I will get it from my friend.

Good luck,
Sean

------------------------------------------
Sean E. Millichamp, Consultant
Ingematics - A Division of Compu-Aid, Inc.
Voice: 810-756-8000, Fax: 810-756-8004
sean@compu-aid.com

> Date: Sun, 7 Dec 1997 11:08:12 -0700
> From: Daniel Robbins <drobbins@obgyn.unm.edu>
>
> I want to thank whoever mentioned KerbNet by Cygnus Solutions! Wowza!
> I recommend that people check it out. It lets you implement Kerberos
> under UNIX and NT, and have them work together (so you have one *unified*
> security system that is used by both your NT and UNIX boxes).
> It's at http://www.cygnus.com/product/kerbnet-index.html
>
...snip...
>
> Anyone know how to get *Samba* to work with Kerberos? Is there an easy,
> painless way or will it require me doing open-heart surgery on the Samba
> authentication source code? (Which I would be willing to do, *if* there
> isn't anyone else out there who has already done it.)

You can start with the following block in the Makefile:

    # This is for Kerberos 5 authentication. Contributed by Nathan Neulinger
    # Univ. of Missouri - Rolla <nneul@umr.edu>
    # KRB5_BASE = /usr/local/krb5
    # KRB5_FLAGS = -DKRB5_AUTH -I$(KRB5_BASE)/include
    # KRB5_LIBS = -L$(KRB5_BASE)/lib -ldes425 -lkrb5 -lcrypto -lcom_err

I haven't tested the KerbNet Samba combo yet; my little linux box is
having bus problems so I've halted the Kerbnet testing until I get the
hardware problems resolved (by way of a new motherboard). :-(

Please let me know, via the list or by mail, if setting the above KRB5_
values works with the KerbNet implementation.

Thanks,
-Don

> for PAM/Kerberos info handy, but if you have trouble finding it let me
> know and I will get it from my friend.

http://www.kernel.org/pub/linux/libs/pam/index.html is a good starting
point.

Luke Kenneth Casson Leighton <lkcl@switchboard.net>
Samba Consultancy and Support (http://mailhost.cb1.com/~lkcl)