From 47f687de81efe67b39ad8c3751e8ff8d82d8c94b Mon Sep 17 00:00:00 2001 From: Daniel Clark Date: Sat, 5 Jun 2004 19:06:16 +0000 Subject: [PATCH 1/1] none --- AFSLore/SMBtoAFS.mdwn | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/AFSLore/SMBtoAFS.mdwn b/AFSLore/SMBtoAFS.mdwn index d304b3c..4a3c8d8 100644 --- a/AFSLore/SMBtoAFS.mdwn +++ b/AFSLore/SMBtoAFS.mdwn @@ -10,10 +10,11 @@
  • kSAMBA
  • SMBKlog
  • FOKSTRAUT
    • +
  • kimpersonate
  • Random Links
    • -
  • Discussion / What are you doing?
    • +
  • Attachments
    • @@ -196,8 +197,23 @@ Disadvantages: - Another possibility would be a web application behind an SSL server running on the same host as the Samba server. - Passwords must be stored in cleartext on the Samba server. +### kimpersonate + +The major problem when exporting the AFS filespace read-write to SMB (Windows fileshareing) using Samba is the transfer of the user token to the smb-server. The simple may is to use clear-text password between the Windows client and the samba-server, and then to get tokens for the user with this password. This solution is clearly not acceptable for security aware AFS administrators. + +Describe here how to make AFS work "securely" with samba. + +On solution is to use \`kimpersonate' + store afs key on fileserver (talk to Love). + +- +- +- +- + +Anyone have links to better doc on this? + ## Random Links 2002-05 discussion on samba-technical: [http://marc.theaimsgroup.com/?l=samba-technical&m=102214554108308&w=2](http://marc.theaimsgroup.com/?l=samba-technical&m=102214554108308&w=2) -## Discussion / What are you doing? +## Attachments -- 1.9.4