Current ideas on kerberos requirements for Samba4

Alan DeKok aland at
Tue May 24 13:15:57 EDT 2005

"James F. Hranicky" <jfh at> wrote:
> I don't know the intimate details of what AD clients expect from an AD 
> controller, but I wonder if perhaps the requirements could be addressed 
> by a meta-smbd of sorts? The meta-smbd acts as an AD controller, but 
> passes off requests for various services to the respective daemons, 

  Except that AD requires that the other protocols talk to each other,
too.  That is, they *all* share a common data set, and each protocol
must server a view of the database, and that view must be consistent
across all protocols.  This integration means that much of the
internal state of each daemon must be exposed to others, and must be
modifiable by others.

  If we had a "uber-DB" underlying all of the daemons, this would be
easy.  This is the implementation Microsoft has, which influenced
their design.  I don't know if it was intentional, but the endless
protocol integration makes it much more difficult for Samba to
inter-operate with AD.

  Alan DeKok.

More information about the krbdev mailing list