<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
Sorry Peter, don't know Kerberos at all, but found this<br><br>http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-samba-servers.html<br><br>which shows smb.config and samba security setup and use of kinit to start kerberos<br><br>and kerberos deployment guide<br><br>http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-kerberos.html<br><br>....and this which relates to your previous request, and may help understand some of the easy bits<br><br>http://www.steve-lacey.com/2006/11/linux_as_a_wind<br><br>HTH<br><br>Aitch<br><br>-----------------------------------------------------------------------------------------------------------------------<br><br><br><br>> Date: Thu, 28 Apr 2011 19:10:34 +0100<br>> From: pchilds@bcs.org<br>> To: kent@mailman.lug.org.uk<br>> Subject: [Klug-general] Kerberos<br>> <br>> Let me get this right.<br>> <br>> Kerberos is a protocol for transferring security details a bit like<br>> ssh private/public keys.<br>> <br>> Kerberos has its own password file to store its passwords in. You can<br>> store them else where but this is not normal.<br>> <br>> LDAP is often used to store the rest of the account details in such as<br>> default shells, home directories etc etc. LDAP can use Kerberos to<br>> store its security data.<br>> <br>> In effect Kerberos is a network replace for the /etc/shadow file and<br>> is attached to pam<br>> <br>> LDAP is a replacement for the nsswitch and is used to replace the<br>> /etc/passwd file which does not store passwords anymore anyway.<br>> <br>> Hence you actually end up with two user databases, one in Kerberos and<br>> one in LDAP which means some database duplication and need to keep<br>> both user lists in sync....<br>> <br>> There is also no reason to need to use LDAP with Kerberos you could<br>> use Kerberos with PostgreSQL if you like.<br>> <br>> You can also tell Kerberos to store its passwords in LDAP but that<br>> means LDAP can't use Kerberos to do its security because you would<br>> then have a circular dependency.<br>> <br>> Kerberos and LDAP are used by SAMBA and need to be set up correctly if<br>> you want to run a PDC with anything less than the simplest of settings<br>> or want Samba to look like an Active Directory.<br>> <br>> Or am I completely up a tree and confused...<br>> <br>> Peter.<br>> <br>> _______________________________________________<br>> Kent mailing list<br>> Kent@mailman.lug.org.uk<br>> https://mailman.lug.org.uk/mailman/listinfo/kent<br> </body>
</html>