PAC support from samba4
Luke Howard
lukeh at padl.com
Tue Feb 21 18:01:31 EST 2006
> Do you plan to integrate support for PAC that is now in samba4, so that
>windows-clients could authenticate against MIT KDC?
>
>I'd like to use a UNIX-KDC with our Netapp-filers which would serve both
>NFSv4 and CIFS with kerberos, but currently this is not possible because
>no UNIX-KDC supports the proprietary PAC... this means that the windows
>clients can't use kerberos for CIFS.
PADL's XAD identity server includes support for NetApp Data ONTAP, see:
http://www.padl.com/TechNotes/XADONTAPConfigurationNote.html
for more information. Note that there is a bug in Data ONTAP that prevents
it from working with big-endian domain controllers, so in this environment
XAD needs to run on a little-endian platform (such as i386 or x86-64).
Information on XAD itself can be found at the URL:
http://www.padl.com/Products/XAD.html
Like Samba4, XAD uses Heimdal, however it does support cross-realm trusts
with MIT realms in a manner similar to Windows.
-- Luke
--
More information about the Kerberos
mailing list