[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSO (Kerberos), samba and windows XP desktop
For what my $0.02 are worth http://www.openinput.com/auth-howto/ may be
a good resource for pointing you in a direction (right or wrong I cannot
On Tue, 2007-04-10 at 10:42 -0700, Henry B. Hotz wrote:
> As he says, you want Samba4.
> "I don't do Windows (TM)" However I think the login interface may
> save your password for NTLM authentication, even if you log in to a
> Kerberos Realm.
> That said, if you use Samba4, then you can configure it to run in the
> same Kerberos Realm that you set up for login. You should be home
> free at that point, with no passwords in Samba (and none needed).
> Don't ask me how to do any of this. I'm talking theory, not personal
> experience. ;-)
> On Apr 9, 2007, at 10:09 PM, Stefan Gohmann wrote:
> > Hello,
> > I don't think that is possible. As far as I know you must be a
> > member in the
> > samba domain. For a real SSO we need Samba4.
> > Maybe it is possible, that you have in the samba enviornment the same
> > usernames and passwords as in the keberos envirenment. But I don't
> > think,
> > that the Windows client will send the username/password as a
> > fallback to the
> > samba server when he did a kerberos logon.
> > Cheers
> > Stefan
> > Am Freitag, 16. März 2007 22:26 schrieb Gustavo Rios:
> >> Dear gentleman,
> >> I have managed to get my windows XP dekstop supporting kerberos
> >> authentication. Within the logon interface, i select my kerberos
> >> realm
> >> domain and authentication is performed through it.
> >> Right now i am planning to incorporate this standalone box in a samba
> >> domain. Since samba provides a domain by its own, i do not know how
> >> retrieve only user information from the samba server and still
> >> authenticating through kerberos. Because in order to do so, i am
> >> required to select the samba domain within the logon interface.
> >> I would like a windows environment much like the unix system can have
> >> the centralized user information managed by nis, but authentication
> >> performed by a kerberos server. Is it possible?
> >> Thanks in advance.
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz@jpl.nasa.gov, or email@example.com