
Re: SSO (Kerberos), samba and windows XP desktop



For what my $0.02 are worth, http://www.openinput.com/auth-howto/ may be
a good resource for pointing you in a direction (right or wrong I cannot
say).

Pat

On Tue, 2007-04-10 at 10:42 -0700, Henry B. Hotz wrote:
> As he says, you want Samba4.
> 
> "I don't do Windows (TM)"  However I think the login interface may  
> save your password for NTLM authentication, even if you log in to a  
> Kerberos Realm.
> 
> That said, if you use Samba4, then you can configure it to run in the  
> same Kerberos Realm that you set up for login.  You should be home  
> free at that point, with no passwords in Samba (and none needed).
> 
> Don't ask me how to do any of this.  I'm talking theory, not personal  
> experience.  ;-)
> 
> On Apr 9, 2007, at 10:09 PM, Stefan Gohmann wrote:
> 
> > Hello,
> >
> > I don't think that is possible. As far as I know you must be a  
> > member in the
> > samba domain. For a real SSO we need Samba4.
> >
> > Maybe it is possible, that you have in the samba environment the same
> > usernames and passwords as in the Kerberos environment. But I don't  
> > think,
> > that the Windows client will send the username/password as a  
> > fallback to the
> > samba server when he did a kerberos logon.
> >
> > Cheers
> > Stefan
> >
> > On Friday, 16 March 2007 22:26, Gustavo Rios wrote:
> >> Dear gentlemen,
> >>
> >> I have managed to get my Windows XP desktop supporting Kerberos
> >> authentication. Within the logon interface, I select my Kerberos  
> >> realm
> >> domain and authentication is performed through it.
> >>
> >> Right now I am planning to incorporate this standalone box in a samba
> >> domain. Since samba provides a domain of its own, I do not know how
> >> to retrieve only user information from the samba server while still
> >> authenticating through Kerberos. Because in order to do so, I am
> >> required to select the samba domain within the logon interface.
> >>
> >> I would like a windows environment much like the unix system can have
> >> the centralized user information managed by nis, but authentication
> >> performed by a kerberos server. Is it possible?
> >>
> >> Thanks in advance.
> 
> ------------------------------------------------------------------------
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
> 
>