Samba4 KDC progress

Matt Crawford crawdad at
Sun Jun 5 12:57:59 EDT 2005

> I promised I would keep the various lists informed as to our progress
> with the Samba4 KDC experiment.  (But if you feel this cross-posting is
> just noise, let me know).

Here's something that would make this more palatable in deployment at 
my site and, I presume, many others.  Perhaps there's no impediment to 
it already.

If the smbd-served realm contained only service principals and accepted 
cross authentication from the realm holding the user principals, 
filling in the Windowsish authorization from its own database, it would 
work the way our existing W2K realm works when users mount a share from 
a Mac or log in directly with their non-Windows principal.  Most of the 
custom hackery we've done would not be interfered with and would not 
have to be done over.

                 Matt Crawford   <crawdad at>
                 FNAL/CD/CCF/Wide Area Systems
                 +1 630 840 3461

More information about the krbdev mailing list