[OpenAFS] OpenAFS and Samba 3.0

Nathan Neulinger nneul@umr.edu
16 Jul 2003 07:47:12 -0500


No, it will not. There is no way to delegate credentials to the samba
server, which is what would be required.

You could hack something around it by giving your samba server extreme
access to the afs servers via a copy of the KeyFile, but that is not
trivial, and has significant security concerns. The only reasonable way
to do it is via a sidecar-like approach, of which there is nothing
nicely packaged. 

-- Nathan

On Wed, 2003-07-16 at 07:41, Andrew Leahy wrote:
> Hello,
> 
> I've been looking into OpenAFS recently, and one of my concerns about 
> adopting OpenAFS is the requirement I have of providing seamless access to 
> home directories from people on Windows systems.  I've looked at the 
> available options at
> 
> http://grand.central.org/twiki/bin/view/AFSLore/SMBtoAFS
> 
> and it should be possible to provide this using the 'Samba --with-pam 
> option'.  However, I was looking at the release notes for the beta version 
> of Samba 3.0 and they list as a new feature that "Samba 3.0 is now able
> to join a ADS realm as a member server and authenticate users using 
> LDAP/Kerberos."  I'm wondering:  Will this provide a way to set up a SMBtoAFS 
> gateway without sending plain text passwords over the network?
> 
> Thanks.
> 
> Andrew Leahy
-- 

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
UMR Information Technology             Fax: (573) 341-4216