[PATCH] s3-ntlm_auth: Fix gss-spnego-client to work with gss-spnego
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed Feb 1 05:16:18 MST 2012
On Wed, Feb 01, 2012 at 06:43:40PM +1100, Andrew Bartlett wrote:
> The challenge is that it may make the communication with winbind have
> much more state than you were originally hoping, as a proxy here will
> essentially need to remote the entire authentication exchange.
Sure, this will require state in the winbind client struct.
I think we can live with binding that state to the unix
domain socket connection. We should also have only one
outstanding authentication exchange on a winbind connection.
If the connection is cut, just fail the whole conversation.
This differs from the notion that the winbind connection is
stateless, but that's the price we have to pay I think.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba-technical
mailing list