On Mon, Feb 16, 2009 at 7:33 PM, Kanwar Ranbir Sandhu <m3freak at thesandhufamily.ca> wrote: > On Tue, 2009-02-17 at 08:05 +0800, Christopher Chan wrote: >> Maybe kerberos authentication? >> >> I have winbind authentication working here but I have yet to get >> kerberos working to get SSO on Linux desktops. > > Isn't winbind enough? Afterall, winbind gets the kerberos ticket when > the user logs in. > > What's the difference between kerberos auth and winbind auth? The difference is that winbind authentication is NTLM and it's good for that endpoint only, but it can't be forwarded on to other services for a SSO experience (unless there is an NTLM session cache and the applications are written to use it ala Windows, but it is insecure). -Ross