proper nt-style authentication (reactos, wine, samba tng)

Andrew Bartlett abartlet at samba.org
Fri Sep 2 08:25:36 CDT 2005


On Fri, 2005-09-02 at 01:39 +0100, Luke Kenneth Casson Leighton wrote:

I will leave the rest of this mail well aside, but I just wanted to
clarify exactly how long we have been providing NTLM authentication
services to external projects:

> 2) write a lovely insecure method of "outsourcing" the username,
> domain and password to an external server - Samba TNG - which performs
> the authentication on your behalf and gets back "real" data.
> 
> this could be done simply with a TCP connection, throw the data
> in-the-clear over to a simple temporary shim service blah blah,
> bob's your uncle.

Like, say the winbind_auth_crap (thank Mr Potter for the name) function
in Samba's winbindd client interface, used successfully by external
projects (Squid in particular) since Samba 2.2?  

Or better still (avoiding reimplementing NTLMSSP) by calling ntlm_auth
(shipped with Samba 3.0 since release)?  Oh wait, we hooked up a Google
SOC student to do just that, and it's working well! :-)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


More information about the wine-devel mailing list