Using Kerberos to authenticate users

[Chris Stankevitz]

Hello,

Please consider this theoretical scenario:

1. I have a FreeBSD running samba to allow people on windows computers
to read/write files on the hard drive.

1a. I create several users (and passwords) on the FreeBSD system.

1b. Windows users have to enter a "FreeBSD username" in order to
access the share.

1c. Windows users have to enter the corresponding "FreeBSD password"
in order to access the share.

1d. File permissions, enforced by the file system, are based on the
"FreeBSD username".

2. I have configured kerberos according to handbook section 14.5.4
such that "kinit" can be used to "get a windows domain ticket" for a
particular Windows domain user.

Question:

Is it possible to modify my setup such that:

3. I manually add "FreeBSD usernames" to the system such that each new
username is identical to a username on the "windows domain" [A: yes,
of course this is possible]

4. Step (1c) is modified such that the user can type his "Windows
domain password" in order to access the share.

5. Step (1d) still applies

If this is possible, please share with me the keywords and I will be
happy to read more about it in the FreeBSD handbook or man pages.

Thank you!

Chris