[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How can i integrate KERBEROS/LDAP for Windows password-hashs ?



>>I haven't tried this, but have you looked at the Kerberos for Windows (KfW)
>>package from MIT?
>That's not what i really want.
>I wanna have LDAP having control over
>UNIX/Windows-passwords. Windows itself won't know anything about KERBEROS.
>It shall work like this.
> Windows/UNIX 
> logon/authetification
>    |    ^
>    |    |
>    |> Samba <-
>        |     |
>        |-> LDAP  <------
>             |           ^
>             |> KERBEROS |
>                Authentification

I don't think this is possible.  The NT domain model (the only PDC mode
supported by Samba) requires the NT hash in order to function.  "Domain"
+ Kerberos integration is, AFAIK, a facet of Active Directory Server. 
It is entirely possible to operation a Samba Domain with Kerberos
password syncronization,  so all services except the domain services can
be kerbized (imap, etc...).