I have a question regarding this. I submitted a bug on this a while back but
it got closed due to lack of a fix.
What if you have an environment where SMB clients will be from a kerberos
realmA will be accessing a SAMBA share using kerberos auth which is a member of
realmB. Testing of 3.0 revaled that SAMBA had a problem mapping the principal
user@realmA into a username.
Do you think adding a local_name support (much like krb5_aname_to_localname in
MIT) to translate username kerberos principals of non-local kerberos realms
into local account names.
From: krbdev-bounces@xxxxxxx on behalf of Andrew Bartlett
Sent: Mon 5/16/2005 9:36 AM
To: krbdev@xxxxxxx; heimdal-discuss@xxxxxxx; samba-technical@xxxxxxxxx
Cc: Michelle Escalante
Subject: Current ideas on kerberos requirements for Samba4
Just a quick note to let a few more people know that I am putting
together a rough text document describing various things about kerberos.
I'm sure parts are just complete fiction, but I'm still new to many
parts of this game. :-)
The idea is to write down the special things Samba4 will need from
GSSAPI/Kerberos libraries and KDC implementations, however we end up
The current version (updated from SVN) is at:
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net