
Re: Current ideas on kerberos requirements for Samba4

>Kerberos isn't easy to use or set up - period. Unless you're
>using a Windows KDC. That's just an unpleasant fact of life

I can't argue that, unfortunately.  Whatever else we say about Microsoft,
they do a good job at putting a friendly face on a complicated technology
like Kerberos (I did once try getting some useful Kerberos logs out of
an AD server and I failed, but probably few people would need to do that).
This is the point where the open-source crowd is at its weakest.

One additional point: _most_ (but maybe not all) open-source Kerberos
implementations support DNS SRV records to find the KDC (the same
way Windows finds its KDC).  So at least for clients, the issue
of setting up krb5.conf correctly should be a non-issue.  Of course,
that doesn't really correct the OTHER half-billion error messages you
can run into when working with Kerberos :-)
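
The SRV-based KDC discovery mentioned in the message above, as an added example that is not part of the original post: it builds the `_kerberos._udp.REALM` owner name and orders the answers the way RFC 2782 asks (lowest priority first, weighted-random within a priority). The realm `EXAMPLE.COM`, the host names and the zone data are constructed placeholders, and the weight-0 handling is a simplification of the RFC's running-sum selection.

```python
import random
from collections import defaultdict

# Constructed sample zone data for the placeholder realm EXAMPLE.COM.
SAMPLE_ZONE = """\
_kerberos._udp.example.com. 3600 IN SRV 10 0  88 kdc2.example.com.
_kerberos._udp.example.com. 3600 IN SRV 0  75 88 kdc1a.example.com.
_kerberos._udp.example.com. 3600 IN SRV 0  25 88 kdc1b.example.com.
_kerberos._tcp.example.com. 3600 IN SRV 0  0  88 kdc1a.example.com.
_kerberos-adm._tcp.example.com. 3600 IN SRV 0 0 749 kdc1a.example.com.
"""

def srv_name(realm, proto="udp"):
    """Owner name a client queries to find a realm's KDCs."""
    return f"_kerberos._{proto}.{realm.lower()}."

def parse_srv(zone_text):
    """Map owner name -> list of (priority, weight, port, target)."""
    records = defaultdict(list)
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) == 8 and f[2].upper() == "IN" and f[3].upper() == "SRV":
            records[f[0].lower()].append(
                (int(f[4]), int(f[5]), int(f[6]), f[7].rstrip(".")))
    return records

def kdc_candidates(zone_text, realm, proto="udp", rng=None):
    """Return [(host, port)] in the order a client should try them."""
    rng = rng or random.Random()
    by_prio = defaultdict(list)
    for prio, weight, port, target in parse_srv(zone_text)[srv_name(realm, proto)]:
        by_prio[prio].append((weight, port, target))
    ordered = []
    for prio in sorted(by_prio):          # lower priority value is tried first
        pool = by_prio[prio]
        while pool:
            # Simplification: weight 0 keeps a small, non-zero chance.
            weights = [w or 0.01 for w, _, _ in pool]
            pick = rng.choices(range(len(pool)), weights=weights)[0]
            _, port, target = pool.pop(pick)
            ordered.append((target, port))
    return ordered

if __name__ == "__main__":
    for host, port in kdc_candidates(SAMPLE_ZONE, "EXAMPLE.COM"):
        print(f"{host}:{port}")
```
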