Samba PDC + Kerberos and LDAP questions (No AD present)
NOTE: I've scoured the web for documentation on this topic and have yet to find any, so in case I am just totally blind and missed it, please feel free to tell me to RTFM if you can tell me where TFM is.
... With that out of the way ...
I have a Samba + LDAP infrastructure going and want to add Kerberos to the mix, to support SSO applications and additional authentication sources such as SAML. However, I can't seem to find any documentation on how to add Kerberos to Samba in this way. There are plenty of docs that show how you can attach a Samba file server to Kerberos so that you don't need to re-auth to attach to file stores (most of these are basically Samba-within-AD environments). In these setups, Samba consumes Kerberos and uses it to determine if someone is identified and authenticated. That, however, is not what I need to achieve.
In a nutshell, I'm looking for a way for the Samba server to initiate the Kerberos session when someone logs into the Samba server. In this way, with a Kerberos session initialized, users would then in theory be able to access other services without a secondary login. If we could then also Kerberize a SAML service, that would allow us to do the same with webapps.
We're currently running Samba 3 and have the SAMBA + LDAP setup done. Is this even possible, and if so, how?