On Tue, 2003-03-25 at 22:55, Luke Howard wrote:
>
> >I agree that if Samba is changing the password for a particular kerberos
> >principal, then it should store the hashes in the keytab.
> >
> >The idea of *finally* getting kerberos useful on real sites is just too
> >appealing :-)
> >
> >Natur
>I agree that if Samba is changing the password for a particular kerberos
>principal, then it should store the hashes in the keytab.
>
>The idea of *finally* getting kerberos useful on real sites is just too
>appealing :-)
>
>Naturally, the original plaintext password should stay basically wher
On Tue, 2003-03-25 at 22:36, Luke Howard wrote:
>
> >I really don't think that putting keytab code in to Samba is the right answer.
> >Do you really want to be in charge of modifying keytabs? This could get
> >quite complicate -- especially when you multiply the effort by the number of
> >pos
>I really don't think that putting keytab code in to Samba is the right answer.
>Do you really want to be in charge of modifying keytabs? This could get
>quite complicate -- especially when you multiply the effort by the number of
>possible encryption types...
I don't think it's that complic
I really don't think that putting keytab code in to Samba is the right answer.
Do you really want to be in charge of modifying keytabs? This could get
quite complicate -- especially when you multiply the effort by the number of
possible encryption types...
On Friday 21 March 2003 04:14 pm, Lu
>Yes - I think the benefit (getting real kerberos authentication working
>on unix in ADS) outweighs the 'risk' here.
>
>Now, all somebody needs to do is write up the patch or dig one up that's
>already done...
Well, we've submitted read-only keytab patches on a few occasions, albeit
as compile-ti
On Sat, 2003-03-22 at 09:13, Luke Howard wrote:
>
> >Yes. This is a problem. In the past I have favored a 'krb5 keytab
> >write' option that would write our password out into the standard
> >keytab, but there were good reasons not to. The problem is, I can't
> >remember what they were. Mostly '
Andrew,
On Friday 21 March 2003 03:12 pm, Andrew Bartlett wrote:
> On Sat, 2003-03-22 at 06:15, Matt Peterson wrote:
> > Hi,
> >
> > In situations where people are operating in a "kerberized" environment
> > where Win2k is the KDC, machine objects will have already been created
> > for machines th
>Yes. This is a problem. In the past I have favored a 'krb5 keytab
>write' option that would write our password out into the standard
>keytab, but there were good reasons not to. The problem is, I can't
>remember what they were. Mostly 'if somebody changed our password under
>us' stuff.
Hmm,
On Sat, 2003-03-22 at 06:15, Matt Peterson wrote:
> Hi,
>
> In situations where people are operating in a "kerberized" environment where
> Win2k is the KDC, machine objects will have already been created for machines
> that are participating in the kerberos realm.
>
> Am I wrong in thinking t
10 matches
Mail list logo