 |
 |
On 13/05/2011, at 5:09 PM, Josh Howlett wrote: > >> I'm pleased to report that I managed to get Samba4 working with Moonshot, >> a new GSS-API mechanism based on EAP, RADIUS, and SAML. > > This is excellent! It's particularly good that your approach is mechanism > independent; it's a great demonstration of the value of a common security > architecture. > > So -- and excuse me if this is a daft question -- I take it that Samba4 is > consuming the MS PAC and applying policy using that? Yep. Looking at the code, Samba4 actually can work in the absence of the PAC, in which case it will do a local user lookup of the authenticating principal. Of course, you have to have an account somewhere (but this is nothing new, it applies to Unix authentication also). -- Luke