Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for June 20, 2013
Pencil, Pencil, and Pencil
Dividing the Linux desktop
LWN.net Weekly Edition for June 13, 2013
A report from pgCon 2013
Completely untrue. Samba clients and servers use kerberos, and have for many, many years. Stop telling untruths about the project.
Posted Feb 4, 2010 22:52 UTC (Thu) by tridge (guest, #26906)
Unless you have an AD DC in the picture, released versions of Samba do
primarily use NTLM* variants for authentication (wrapped in various
auth wrappings like SPNEGO and NTLMSSP). Where the poster went off
track a little bit is in thinking that current versions of NTLM still
use DES, which is not true. Samba, like Windows, has deprecated the
DES based challenge-response authentication for quite a while. The
most commonly deployed auth in Samba these days (if you are not
connected to a AD DC) is MD4 based. The same is true for Windows if
you have not configured an AD domain, or if you (for example) connect
to a Windows server by IP address instead of DNS name (as kerberos
then doesn't work). It may not be bleeding edge when it comes to
crypto, but it isn't terrible either.
Apart from that, I think the core of what drag has posted is
correct. Microsoft did make kerberos+LDAP much easier to deploy by
integrating it tightly with their OS, and building lots of other
services on top of it. That has created a very attractive
administration and security package for admins to use. There are a
number of great efforts to create something similar in a Linux only
environment (as detailed in a few posts above), but they have not yet
reached the level of refinement that AD has.
PS: of course you know all this, I just wanted to clarify the details
for the record on LWN
Posted Feb 5, 2010 17:21 UTC (Fri) by drag (subscriber, #31333)
I am certainly no expert on the subject. I just get frustrated trying to do
the same things on Linux that have been relatively very easy to do on
Windows for years now.
Please stop spreading false information
Posted Feb 5, 2010 1:36 UTC (Fri) by kjp (subscriber, #39639)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds