Samba and MIT Kerberos

Andrew Bartlett abartlet at
Fri Apr 15 22:28:44 EDT 2005

On Fri, 2005-04-15 at 22:13 -0400, Jeffrey Altman wrote:
> Andrew:
> One of my tasks for the MIT Kerberos 1.5 release is to add support
> for the gss_krb5 functions currently present in Heimdal which make
> it possible for Samba to implement the CIFS compatible digital
> signatures and encryption as well as the authz data.  The ticket for
> this in the request tracker is 2937.
> Please advise me of any functions you require that MIT currently
> does not support in addition to the gss_krb5_get_subkey and
> gsskrb5_extract_authz_data_from_sec_context functions.

We also require the DCE_STYLE GSSAPI encryption, (metze has a modified
version of heimdal in a branch of our lorikeet SVN repository that
implements this, but has been dragged back into studies and not cleaned
it up for submission).

On the KDC server-side, we are yet to fully determine what we need - we
have a hdb module for Heimdal, but it's a kludge in places and by the
time we finish all this we expect to have futher and more bizarre
requirements in this area.

None of this is helped by the fact that I really don't know what I'm
doing when it comes to kerberos stuff ;-)

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the krbdev mailing list