CentOS Winbind authentication and network shares and SSO

Question

In a centos 6.4 32bit box user login authentication uses winbind to get accounts from a windows active directory domain. When users try to access windows shares from gnome interface he is prompted to enter username and password, the same used at login. Is it possible to avoid to retype the passwords?

If in a terminal the user type "kinit" he is prompted for his own password (no username) and then gnome is able to browse windows shares on most of the hosts.

Is it possible to avoid this bothering behaviour?

Answer 1

You can switch to use SSSD instead of winbind. SSSD is capable to handle transparent kerberos ticket handling for a user logged into machine and even renew it on user's behalf.

Read chapter 11.2 of RHEL deployment guide for details: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Introduction.html, specifically 11.2.13 which deals with AD domains.

You may also check AD integration presentation for SSSD: http://www.freeipa.org/images/d/dd/Freeipa30_sssd-ad-provider.pdf