Kerberos and Samba

Rhon Fitzwater rfitz at
Tue Jul 16 18:54:00 EDT 2002

On Tuesday, July 16, 2002, at 03:59 PM, Steve Langasek wrote:

> On Tue, Jul 16, 2002 at 03:49:00PM -0400, Rhon Fitzwater wrote:
>> 2.  I am currently running your v 4.0 on Mac OS 10.1.5,
>> works great. able to get a ticket like stated.  However I would like 
>> to
>> use that ticket when connecting to a samba server.  so when i run the
>> mount_smbfs command it will use the ticket instead of me typing in the
>> password.
>> In the end we are looking to mount the users home file directory with
>> samba and use kerberos with it for security reasons.  Is there a way 
>> of
>> doing this?  and can it be done when the user is at the login screen?
>> i want some how get the password from login(when user logs in to OS X)
>> and use it to get a kerberos ticket and the use the kerb ticket to 
>> mount
>> the samba volume.
> Is your Samba fileserver running the (alpha) Samba 3.0 code with ADS
> support?
No, we're running 2.2.4 as our test model.
> Are you using Win2K (or WinXP) Active Directory as the KDC for
> your Kerberos realm?
> These are both necessary preconditions for Kerberos-authenticated
> connections to Samba servers at the present time.
If that's the case, I'd be curious as to why the configure file for
building 2.2.4 has

   --with-krb4=base-dir    Include Kerberos IV support (default=no)
   --with-krb5=base-dir    Include Kerberos 5 support (default=no)

listed as options.

> Kerberos-authentication to a Samba server without a Windows KDC is
> doable, but the support isn't there yet.
> Steve Langasek
> postmodern programmer
> <mime-attachment>
Is there a way to get mount_smbfs to use the kerberos ticket?  You said 
some things i mentioned before were possible, could you elaborate a 
little more.  Thanks.

More information about the krbdev mailing list