[OpenAFS] status of samba serving AFS file space? other non-native windows access?
Volker Lendecke
Volker.Lendecke@SerNet.DE
Wed, 18 Oct 2006 08:19:03 +0200
--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Oct 17, 2006 at 05:02:47PM -0400, Jeffrey Altman wrote:
> > And, Samba can nowadays be configured to accept kerberos
> > tickets even without being an ADS member, but Windows
> > clients will not appreciate this. But that's just Windows.
>=20
> This discussion is specifically related to Windows client access to
> AFS. Since Windows CIFS clients won't talk Kerberos to Samba if you
> want to authenticate the users against the Kerberos database you must
> configure the Windows clients to send username and password in the
> clear so that Samba can perform the equivalent of a kinit operation.
Ok, sorry, then I just misunderstood you. I thought you were
talking about the --fake-kaserver option of Samba instead of
the --with-afs option which indeed requires plain text
passwords from the clients.
> I don't know where you can read about it but it is in fact true.
> The reason it took so long to get OpenAFS for Windows to work on
> Vista was because of the TLS support. Every Vista workstation whether
> part of a domain or not is given an X.509 server certificate which
> is used to protect the File and Print Sharing, Remote Desktop, IIS, and
> other remote services.
Really interesting. Do you have a sniff of such a connection
you could share with us? I would like to know how Vista
would start negotiating TLS encrypted SMB connections.
Also CC'ing samba-technical@samba.org, I'm sure that the
Samba community would love to see Windows finally doing SMB
bulk encryption properly.
Thanks,
Volker
--7JfCtLOvnd9MIVvH
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFFNcdXUROFNttXCWYRAgOoAJ9ldIjzLjU4/HKxKcxqSb6eAgDj4QCgixEo
J+B8wGapNiAN2WYJKapCiTI=
=rWpk
-----END PGP SIGNATURE-----
--7JfCtLOvnd9MIVvH--