Kerberos, ADS and NFSv4
Timo Aaltonen
tjaalton at cc.hut.fi
Mon Aug 28 07:44:48 BST 2006
On Mon, 28 Aug 2006, Edward Murrell wrote:
> I have most of the above working, except for NFSv4. It's installed, and
> it transfers files, but the group permissions are just plain broken.
It's working fine here. The server is a Data ONTAP 7.1 (NetApp), though.
Sudo is making life a bit difficult though, since the credentials are not
delegated to the sudoed root (ie. you can't access your $HOME..).
> So far, I have been unable to get Samba to use Kerberos. My
> understanding is that Microsoft has essentially stuffed LDAP information
> inside their Kerberos implementation in an undocumented way. This means
> that Linux can use MS Kerberos, by ignoring the bits it doesn't
> understand, but the reverse is not always true. However, I think
> (untested) an AD server can 'translate' an MIT Kerberos server for it's
> Windows clients.
Samba4 has been able to do this for a while now (it uses Heimdal
internally). It's still in alpha, though.. If only the MIT-people used the
same reverse-engineered code, then we might have an M$-compliant free/open
KDC sooner.
t
More information about the ubuntu-devel
mailing list