[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian-LAN: installing a complete network environment

I've been working with both Kerberos and Samba for 20 years. Writing "Yet Another Authentication Management Tool(tm)" sounds unappealing, since there are so many well established and tested ones. I'm actually curious what you found inadequate about Samba, especially if you used the 4.0.x releases which have stabilized the LDAP/Kerberos interactions in effective cross-platform ways.

Now, if our friends over in Debian wanted to improve an underlying Kerberos tool that's used for both Debian and Scientific Linux and other red Hat based systems, I'd look at the "authconfig" tool and its /etc/pam.d interactions, which are very flexible and not well managed. *Try* using "authconfig" to delete the default enabled "example.com" Kerberos domain from /etc/krb5.conf, or to manage integraiton with upstream Kerberos domains, I dare you, Or try preventing "authconfig" from resetting values which you didn't put in the command line, or getting it to load from an actual configuration file, or to enable local password expiration. It gets crazy out there!

But that's not a Kerberos problem, that's an authconfig and pam.d managemnt problem.

On Fri, Oct 4, 2013 at 11:13 PM, Darko Gavrilovic <d.gavrilovic@gmail.com> wrote:
To each his own. I actually like the post and his project idea. Also,
claiming that Samba is the be all and end all to all enterprise client
scenarios out there is a little over stating it. On more a few times
have we have to drop Samba as it proved to be inadequate for the

Reply to: