[Gllug] Samba - Add Active Directory User to UNIX Group?

Bruce Richardson itsbruce at workshy.org
Fri Oct 9 16:03:38 UTC 2009


On Fri, Oct 09, 2009 at 04:40:03PM +0100, Juergen wrote:
> Or change samba to be the domain controller and keep all the users in LDAP
> and if you really want to have the fun, implement MIT-Kerberos5 and enjoy
> single sign on.

You can still have single sign-on with AD.  It's just another Kerberos
service, from that perspective.

If across-the-board Kerberos integration were really important, I
wouldn't choose Windows and AD, but I wouldn't choose Linux either (PAM
support for Kerberos still has some holes[0]).  Solaris/OpenSolaris has
done much more work on getting it working well and even OS X has more
kerberised utilities by default.

[0] To be fair, it's not just a problem PAM has with Kerberos.  PAM has a
general need to be able to pass encrypted tokens between modules, rather
than just plain text passwords, before it can be properly used to add
secure authentication to components that don't have explicit support for
it.

-- 
Bruce

I must admit that the existence of Disneyland (which I know is real)
proves that we are not living in Judea in AD 50. -- Philip K. Dick