Web lists-archives.com

Re: [Samba] Your advices regarding authentication methods compatible with S4




 

Hi Andrew, Hi Sam, 

Many thanks for your quick replies, we already
worked on this doc page but due to the lack of smart card reader/writer,
we did not finished the setup. We'll buy some hadware and create a
testing S4 lab to finish this config. 

What about biometry ? Is there a
way to store any biometrical information into the ldap backend ? 

Is
there by any chance any other third-party authentication method/tool
that we can plug on S4 ? We would be pleased to avoid using another
smart card if possible. 

Cheers. 

--

Olivier B

Le 2018-03-19 04:36,
Andrew Bartlett a écrit : 

> On Mon, 2018-03-19 at 11:55 +1300, Garming
Sam via samba wrote:
> 
>> Hi, Maybe this page might be helpful. I don't
know how up to date it is, but the expectation seems to be that it
should be able to work with alternative forms of authentication (with
Kerberos PKINIT).
https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login [1]
> 
>
Yeah, I think something that presents as smart card login is likely to
>
be the best bet. Smart cards are a pain, but could certainly help with
>
the speed (compared with long complex passwords). 
> 
> The PKINIT stuff
is meant to work, certainly worth a play in the lab. 
> The main thing I
would want to check on is revocation of the
> certificates (for when a
badge is lost/stolen). We may need to work
> on that to use some kind of
online check or to get Heimdal to re-load
> the Certificate Revocation
list if it doesn't already. 
> 
> Andrew Bartlett
 

Links:
------
[1]
https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba