[Samba] Automatic Integrated Windows Auth (IWA) in firefox &
nautilus
Jeremy Allison
jra at samba.org
Sat Jul 12 01:05:24 GMT 2008
On Fri, Jul 11, 2008 at 05:13:42PM -0700, Jeremy Allison wrote:
>
> We fixed this in SuSE when I was working for Novell by the
> use of helpers in firefox that would invoke the ntlm_auth
> code for old IIS servers that only use NTLM instead of
> kerberos. Winbindd has to have a credential cache set up
> from login in order to create the NTLMSSP blobs for firefox.
> Note sure of the state of that code integrated into the
> firefox shipped by Ubuntu - I know it's in the openSuSE
> one.
>
> Nautilus could use the same code (although I believe that
> uses krb5 tickets by preference).
>
> You might want to raise this one with launchpad. I can
> help them integrate the same code that was done for
> SuSE is they haven't already done it.
>
> The argument to ntlm_auth is ""ntlmssp-client-1"
Ok, I just checked in the firefox3 source code and
the code to do this is included.
It's under :
mozilla/extensions/auth/nsAuthSambaNTLM.cpp
I've started looking into the firefox binary
on Ubuntu 8.04 with strings, but can't find
the embedded string "ntlm_auth", which would need
to be there in order for this support to be
compiled in.
The place it should be is :
/usr/linb/xulrunner/components/libauth.so
which contains the nsAuthGSSAPI strings,
but not nsAuthSambaNTLM strings. Looks like
someone deliberately didn't compile that into
the Ubuntu version.
Why would anyone do that ? Dumb, dumb, dumb..
Jeremy.
More information about the samba
mailing list