proper nt-style authentication (reactos, wine, samba tng)
abartlet at samba.org
Fri Sep 2 08:25:36 CDT 2005
On Fri, 2005-09-02 at 01:39 +0100, Luke Kenneth Casson Leighton wrote:
I will leave the rest of this mail well aside, but I just wanted to
clarify exactly how long we have been providing NTLM authentication
services to external projects:
> 2) write a lovely insecure method of "outsourcing" the username,
> domain and password to an external server - Samba TNG - which performs
> the authentication on your behalf and gets back "real" data.
> this could be done simply with a TCP connection, throw the data
> in-the-clear over to a simple temporary shim service blah blah,
> bob's your uncle.
Like, say the winbind_auth_crap (thank Mr Potter for the name) function
in Samba's winbindd client interface, used successfully by external
projects (Squid in particular) since Samba 2.2?
Or better still (avoiding reimplementing NTLMSSP) by calling ntlm_auth
(shipped with Samba 3.0 since release)? Oh wait, we hooked up a Google
SOC student to do just that, and it's working well! :-)
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.winehq.org/pipermail/wine-devel/attachments/20050902/95212875/attachment.pgp
More information about the wine-devel