> expected to emulate a Windows Server 200x domain controller.
> But the interoperability issue goes far deeper than this.
> In the domain control protocols that are used by MS Windows
> XP Professional, there is a tight interdependency between
> the Kerberos protocols and the Microsoft distributed
> computing environment (DCE) RPCs that themselves are an
> integral part of the SMB/CIFS protocols as used by Microsoft."
Why are you changing the discussion from authentication to file serving?
> So the Kerberos question still remains unless there is more recent
> material somewhere that can show that these problems have been resolved.
> I would have expected some documentation.
What Kerberos question? Per your original email
> Allowing AD near any part of your infrastructure is the opposite of
> useful and results in a net loss of productivity. No.
> LDAP+Kerberos is one tried and true option, but there are others
> nowadays. Don't confuse AD with a useful tool or with an authentication
Why are you confusing AD with file serving? The original poster asked
about _AUTHENTICATION_. You are just serving plain FUD.
> Those standards I fully agree with. I got a bit afloat there and thought
> you meant it in a broader sense as it's going almost everywhere these days
> where they use PAM to glue everyone and everything together. But this
> really is off topic from that AD where we started. :)
Not entirely, if you could add something like the following, but PAM may
not be so relevant for Squid:
/etc/pam.d/common-krb5 to use as an include file for PAM:
auth sufficient /lib/insecurity/pam_ad.so use_first_pass