Current ideas on kerberos requirements for Samba4

Wachdorf, Daniel R drwachd at
Mon May 16 13:29:31 EDT 2005

I have a question regarding this.  I submitted a bug on this a while back but it got closed due to lack of a fix. 

What if you have an environment where SMB clients will be from a kerberos realmA will be accessing a SAMBA share using kerberos auth which is a member of realmB.  Testing of 3.0 revaled that SAMBA had a problem mapping the principal user at realmA into a username.  

Do you think adding a local_name support (much like krb5_aname_to_localname in MIT) to translate username kerberos principals of non-local kerberos realms into local account names.  


-----Original Message-----
From: krbdev-bounces at on behalf of Andrew Bartlett
Sent: Mon 5/16/2005 9:36 AM
To: krbdev at; heimdal-discuss at; samba-technical at
Cc: Michelle Escalante
Subject: Current ideas on kerberos requirements for Samba4
Just a quick note to let a few more people know that I am putting
together a rough text document describing various things about kerberos.
I'm sure parts are just complete fiction, but I'm still new to many
parts of this game. :-)

The idea is to write down the special things Samba4 will need from
GSSAPI/Kerberos libraries and KDC implementations, however we end up
producing things.

The current version (updated from SVN) is at:

Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College

More information about the krbdev mailing list