proper nt-style authentication (reactos, wine, samba tng)

Andrew Bartlett abartlet at
Fri Sep 2 08:25:36 CDT 2005

On Fri, 2005-09-02 at 01:39 +0100, Luke Kenneth Casson Leighton wrote:

I will leave the rest of this mail well aside, but I just wanted to
clarify exactly how long we have been providing NTLM authentication
services to external projects:

> 2) write a lovely insecure method of "outsourcing" the username,
> domain and password to an external server - Samba TNG - which performs
> the authentication on your behalf and gets back "real" data.
> this could be done simply with a TCP connection, throw the data
> in-the-clear over to a simple temporary shim service blah blah,
> bob's your uncle.

Like, say the winbind_auth_crap (thank Mr Potter for the name) function
in Samba's winbindd client interface, used successfully by external
projects (Squid in particular) since Samba 2.2?  

Or better still (avoiding reimplementing NTLMSSP) by calling ntlm_auth
(shipped with Samba 3.0 since release)?  Oh wait, we hooked up a Google
SOC student to do just that, and it's working well! :-)

Andrew Bartlett

Andrew Bartlett                      
Samba Developer, SuSE Labs, Novell Inc.
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the wine-devel mailing list