[CentOS] Re: Fix passwd/shadow/group files? -- network architecture is always piecemeal

Bryan J. Smith b.j.smith at ieee.org
Sun Jul 17 23:35:21 UTC 2005


From:  Feizhou 
> I know what a Kerberos authentication system is.
> You mean a core  component in Samba 3.0's functionality as an ADS client.

You're still artificially limiting your understanding.
Kerberos (with the MS extensions in the case of 200x/XP) is how objects authenticate each other and grant tickets for access in a Kerberos realm.

Samba can use Kerberos how it sees fit.
As a client/member server (with MS Extensions) to native MS ADS DCs,
or to 200x/XP clients in the absence of native MS ADS DCs.

The issue is when you have native MS ADS DCs,
because Samba doea not understand MS ADS DC-to-DC replication.
Otherwise, the authentication process to clients is no different.

But that's only authentication.
Again, stop thining "aggregate," think naming, directory, authentication and file services individually.



More information about the CentOS mailing list