[OpenAFS] status of samba serving AFS file space? other non-native windows access?
Wed, 18 Oct 2006 08:19:03 +0200
Content-Type: text/plain; charset=us-ascii
On Tue, Oct 17, 2006 at 05:02:47PM -0400, Jeffrey Altman wrote:
> > And, Samba can nowadays be configured to accept kerberos
> > tickets even without being an ADS member, but Windows
> > clients will not appreciate this. But that's just Windows.
> This discussion is specifically related to Windows client access to
> AFS. Since Windows CIFS clients won't talk Kerberos to Samba if you
> want to authenticate the users against the Kerberos database you must
> configure the Windows clients to send username and password in the
> clear so that Samba can perform the equivalent of a kinit operation.
Ok, sorry, then I just misunderstood you. I thought you were
talking about the --fake-kaserver option of Samba instead of
the --with-afs option which indeed requires plain text
passwords from the clients.
> I don't know where you can read about it but it is in fact true.
> The reason it took so long to get OpenAFS for Windows to work on
> Vista was because of the TLS support. Every Vista workstation whether
> part of a domain or not is given an X.509 server certificate which
> is used to protect the File and Print Sharing, Remote Desktop, IIS, and
> other remote services.
Really interesting. Do you have a sniff of such a connection
you could share with us? I would like to know how Vista
would start negotiating TLS encrypted SMB connections.
Also CC'ing firstname.lastname@example.org, I'm sure that the
Samba community would love to see Windows finally doing SMB
bulk encryption properly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-----END PGP SIGNATURE-----