
Re: SSO (Kerberos), samba and windows XP desktop



As he says, you want Samba4.

"I don't do Windows (TM)." However, I think the login interface may
save your password for NTLM authentication, even if you log in to a
Kerberos Realm.

That said, if you use Samba4, then you can configure it to run in the  
same Kerberos Realm that you set up for login.  You should be home  
free at that point, with no passwords in Samba (and none needed).

Don't ask me how to do any of this.  I'm talking theory, not personal  
experience.  ;-)

On Apr 9, 2007, at 10:09 PM, Stefan Gohmann wrote:

> Hello,
>
> I don't think that is possible. As far as I know you must be a member
> in the Samba domain. For a real SSO we need Samba4.
>
> Maybe it is possible that you have in the Samba environment the same
> usernames and passwords as in the Kerberos environment. But I don't
> think that the Windows client will send the username/password as a
> fallback to the Samba server when it did a Kerberos logon.
>
> Cheers
> Stefan
>
> On Friday, 16 March 2007 22:26, Gustavo Rios wrote:
>> Dear gentlemen,
>>
>> I have managed to get my Windows XP desktop supporting Kerberos
>> authentication. Within the logon interface, I select my Kerberos
>> realm domain and authentication is performed through it.
>>
>> Right now I am planning to incorporate this standalone box in a Samba
>> domain. Since Samba provides a domain of its own, I do not know how
>> to retrieve only user information from the Samba server and still
>> authenticate through Kerberos. Because in order to do so, I am
>> required to select the Samba domain within the logon interface.
>>
>> I would like a Windows environment much like the Unix system can have
>> the centralized user information managed by NIS, but authentication
>> performed by a Kerberos server. Is it possible?
>>
>> Thanks in advance.

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu