[OpenAFS] New "B" question: Samba versus AFS.

[Nathan Neulinger]

Something I've considered, but have not really done any significant work
on... 

When you're using samba in conjunction with active directory - you can
have it use the ADC as the authentication source. 

If one were to give the samba server access to the AFS keytab/keyfile, I
would think you could have the samba server put together a valid token
for a user that proved itself with the authentication to AD.

This seems to have the potential for alot of security issues, which is
one of the main reasons I have not pursued it. 

-- Nathan

On Sat, 2002-11-30 at 14:49, Charles Clancy wrote:
> On Sat, 30 Nov 2002, Tino Schwarze wrote:
> 
> > One setup has two Linux servers (one of them is "the AFS server") and
> > only Win98 clients which access files via Samba.
> 
> The problem such a setup is that you must use unencrypted passwords, which
> only increases the samba's lack of security.  Plus, when using unencrypted
> passwords, you can't use samba as a PDC, leaving you with needing to find
> some other way to get people logged into their windows workstations (such
> as a local account).
> 
> IMHO, Samba should only be used sparingly, for clients who abosultely
> can't run the OpenAFS client.  If all your clients are Windows machines
> and you don't want to run the OpenAFS client, you might as well just set
> up an active directory server and stick with a pure Microsoft environment.
> 
> [ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
-- 

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216