Re: [Samba] Your advices regarding authentication methods compatible with S4
- Date: Mon, 19 Mar 2018 16:36:12 +1300
- From: Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Your advices regarding authentication methods compatible with S4
On Mon, 2018-03-19 at 11:55 +1300, Garming Sam via samba wrote:
> Maybe this page might be helpful. I don't know how up to date it is, but
> the expectation seems to be that it should be able to work with
> alternative forms of authentication (with Kerberos PKINIT).
Yeah, I think something that presents as smart card login is likely to
be the best bet. Smart cards are a pain, but could certainly help with
the speed (compared with long complex passwords).
The PKINIT stuff is meant to work, certainly worth a play in the lab.
The main thing I would want to check on is revocation of the
certificates (for when a badge is lost/stolen). We may need to work
on that to use some kind of online check or to get Heimdal to re-load
the Certificate Revocation list if it doesn't already.
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
To unsubscribe from this list go to the following URL and read the