Web lists-archives.com

Re: [Samba] Your advices regarding authentication methods compatible with S4




On Mon, 2018-03-19 at 11:55 +1300, Garming Sam via samba wrote:
> Hi,
> 
> Maybe this page might be helpful. I don't know how up to date it is, but
> the expectation seems to be that it should be able to work with
> alternative forms of authentication (with Kerberos PKINIT).
> 
> https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login

Yeah, I think something that presents as smart card login is likely to
be the best bet.  Smart cards are a pain, but could certainly help with
the speed (compared with long complex passwords). 

The PKINIT stuff is meant to work, certainly worth a play in the lab. 
The main thing I would want to check on is revocation of the
certificates (for when a badge is lost/stolen).   We may need to work
on that to use some kind of online check or to get Heimdal to re-load
the Certificate Revocation list if it doesn't already. 

Andrew Bartlett
-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba