I'm trying to understand what kerberos support samba has. If I have a windows XP client with MIT Kerberos for Windows, AND I authenticate to a KDC, will I then be able to use those kerberos auth credentials to access shares in samba? My ignorance here is what happens to the NTLM password hashes. Samba is going to expect a password hash. Can samba be configured to ask a kdc if a kerberos auth token is real? -- David Bear phone: 480-965-8257 fax: 480-965-9189 College of Public Programs/ASU Wilson Hall 232 Tempe, AZ 85287-0803 "Beware the IP portfolio, everyone will be suspect of trespassing"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Bear wrote: | I'm trying to understand what kerberos support samba has. | | If I have a windows XP client with MIT Kerberos for | Windows, AND I authenticate to a KDC, will I then be able | to use those kerberos auth credentials to access shares | in samba? | | My ignorance here is what happens to the NTLM | password hashes. Samba is going to expect a password hash. | Can samba be configured to ask a kdc if a kerberos | auth token is real? There is code going into Samba 3.0.20 thata will allow smbd to support kerberos tickets when using a keytab and security = user. There's no docs on it yet I'm afraid. But it has already been checked into the SAMBA_3_0 tree and will be in the 3.0.20pre1 release sometime next week. It was work done by Andrew Bartlett. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCqETYIR7qMdg1EfYRAsZdAJ4wTWSkmACgOWosTwRpTKbjn/0dqgCbBThs 3XLPOQuggrgaqukRCt9HL9Q=Mel6 -----END PGP SIGNATURE-----