Kerberos and Samba
Rhon Fitzwater
rfitz at princeton.edu
Tue Jul 16 18:54:00 EDT 2002
On Tuesday, July 16, 2002, at 03:59 PM, Steve Langasek wrote:
> On Tue, Jul 16, 2002 at 03:49:00PM -0400, Rhon Fitzwater wrote:
>
>> 2. I am currently running your kerberos.app v 4.0 on Mac OS 10.1.5,
>> works great. able to get a ticket like stated. However I would like
>> to
>> use that ticket when connecting to a samba server. so when i run the
>> mount_smbfs command it will use the ticket instead of me typing in the
>> password.
>
>> In the end we are looking to mount the users home file directory with
>> samba and use kerberos with it for security reasons. Is there a way
>> of
>> doing this? and can it be done when the user is at the login screen?
>> i want some how get the password from login(when user logs in to OS X)
>> and use it to get a kerberos ticket and the use the kerb ticket to
>> mount
>> the samba volume.
>
> Is your Samba fileserver running the (alpha) Samba 3.0 code with ADS
> support?
No, we're running 2.2.4 as our test model.
> Are you using Win2K (or WinXP) Active Directory as the KDC for
> your Kerberos realm?
YES
> These are both necessary preconditions for Kerberos-authenticated
> connections to Samba servers at the present time.
If that's the case, I'd be curious as to why the configure file for
building 2.2.4 has
--with-krb4=base-dir Include Kerberos IV support (default=no)
--with-krb5=base-dir Include Kerberos 5 support (default=no)
listed as options.
> Kerberos-authentication to a Samba server without a Windows KDC is
> doable, but the support isn't there yet.
>
> Steve Langasek
> postmodern programmer
> <mime-attachment>
Is there a way to get mount_smbfs to use the kerberos ticket? You said
some things i mentioned before were possible, could you elaborate a
little more. Thanks.
More information about the krbdev
mailing list