On Thu, 2 Jan 2003, Steve Langasek wrote:
> Hi Kenneth,
>
> ADS-style Kerberos support only works when both client and server are
> Kerberos-aware, so such Kerberos "encrypted passwords" support would be
> limited to Win2K and WinXP clients. This is a question of technical
> feasibility, not of implementation.
>
Steve,
Not sure what this means. If I run the Samba server on the same
machine as a server which understood Kerberos authentication (for example,
AIX 5.1 with a DCE based KDC), would that qualify? What about the
extra info that Microsoft stuffs into the Kerberos protocol that I've
heard Win client _need_? I need Samba working with a non-Microsoft KDC.
Yes, Paul Henson's sec_auth patches are available on the net, but
my understanding of the way that solution works is that once you have an
id working via sec_auth, it wouldnt work via straighforward telnet / ssh.
Also, I never quite got it to work correctly with IBM DCE 3.1 .
Thanks,
Kenneth
