[OpenAFS] OpenAFS and Samba 3.0
Leif Johansson
leifj@it.su.se
Wed, 16 Jul 2003 15:03:40 +0200
Nathan Neulinger wrote:
>No, it will not. There is no way to delegate credentials to the samba
>server, which is what would be required.
>
>
Strictly speaking that is true, but you can cheat. If you allow your
Samba server to have access to the AFS key (hey, it's a fileserver
anyway and should be protected as such) you can use a program (it's
actually in the Heimdal distro) which lets you create the user's AFS
ticket in a root preexec statement. It's basically saying "I trust
whatever way was used to authenticate the user up to this point and now
I am starting over and creating the tokens I need." There is no strong
cryptographic association between the user's client-side credentials
(from the domain) and the credentials used in talking to AFS, but it
works and gets the job done.
Best regards, leifj