pam_winbind and krb5_auth
in [Samba]
|
From: Robert LeBlanc on 8 Jun 2010 23:30 If you configure SSH and NFS, you get passwords logins and mounts. I think mount.smb can use it as well as smbclient. I know that KDE auto logs me into Samba/WIndows file shares without a password just like Windows. If you have Kerberos websites, you can configure your browser to pass tickets and get single-signon. There are quiet a few things you can do. If you have to enter a password, there is usually a way to enable Kerberos for it. Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University On Tue, Jun 8, 2010 at 9:17 PM, Matthew Delves <m.delves(a)ballarat.edu.au>wrote: > Hey list, > I'm wondering if there is any advantage to be gained by using kerberos with > pam_winbind. > > I've configured pam_winbind and enabled krb5_auth though apart from being > granted a ticket, I'm unsure as to any advantage that would be gained by > enabling Kerberos. > > Thanks, > Matt Delves > -- > > --------------------------------------------- > Matthew Delves > System Administrator > Information Systems > Networks & Infrastructure > University of Ballarat > ph: 03 5327 9732 > email: m.delves(a)ballarat.edu.au > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Matthew Delves on 9 Jun 2010 00:50 >>> On 9/06/2010 at 1:22 pm, Robert LeBlanc <robert(a)leblancnet.us> wrote: > If you configure SSH and NFS, you get passwords logins and mounts. I think > mount.smb can use it as well as smbclient. I know that KDE auto logs me into > Samba/WIndows file shares without a password just like Windows. If you have > Kerberos websites, you can configure your browser to pass tickets and get > single-signon. There are quiet a few things you can do. If you have to enter > a password, there is usually a way to enable Kerberos for it. > Thanks for that explanation. That's more when using Linux as a workstation. I'm using Linux as a server and am wanting to use Kerberos authentication as a way of achieving SSO. Currently I have the linux server setup so that it retrieves a kerberos ticket when a user logs in via ssh, though when I tell PuTTY to authenticate using kerberos, it still asks for a password. Is there a way to track down just what is going on there? Thanks, Matt Delves. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Robert LeBlanc on 9 Jun 2010 01:10 On Tue, Jun 8, 2010 at 10:48 PM, Matthew Delves <m.delves(a)ballarat.edu.au>wrote: > > > >>> On 9/06/2010 at 1:22 pm, Robert LeBlanc <robert(a)leblancnet.us> wrote: > > If you configure SSH and NFS, you get passwords logins and mounts. I > think > > mount.smb can use it as well as smbclient. I know that KDE auto logs me > into > > Samba/WIndows file shares without a password just like Windows. If you > have > > Kerberos websites, you can configure your browser to pass tickets and get > > single-signon. There are quiet a few things you can do. If you have to > enter > > a password, there is usually a way to enable Kerberos for it. > > > > Thanks for that explanation. That's more when using Linux as a workstation. > I'm using Linux as a server and am wanting to use Kerberos authentication as > a way of achieving SSO. > > Currently I have the linux server setup so that it retrieves a kerberos > ticket when a user logs in via ssh, though when I tell PuTTY to authenticate > using kerberos, it still asks for a password. > > Is there a way to track down just what is going on there? > > It took me a long time to get Kerberos SSH working. My best friends were ssh -vvvv and running sshd in debug mode. It will take a while, but the passwordless login is very nice. I was able to do if from Mac and Linux, I think I got Putty working on one Window's machine, but it required a special version of Putty from what I remember. Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: [Samba] pam_winbind and krb5_auth Next: [Samba] Debian Lenny 3.5.3 packages pam-auth-update |