Pass-through Authentication

DaveP davep at hmgcc.gov.uk
Fri Dec 8 13:19:35 GMT 2000


Is pass-through authentication part of any current or future Samba
release?

We use software derived from pam_smb and pam_ntdom extensively to
authenticate users of Unix systems from an NT domain, and I'd like to
extend this to Apache and POP3 mail using ntlm authentication. The
problem is the sheer number of authentications needed - I suspect that
domain logon is a heavyweight operation and may not be able to cope.

Sniffing at an IIS server running on a non-domain-controller server
communicating with an Internet Explorer client, IIS carries out the
challenge/response handshake with the client, then opens an RPC
connection to a domain controller and calls NetrLogonSamLogon. Data is
exchanged and the IIS server then returns the requested page to the
client (or not). This seems to be a simpler protocol than used by
pam_smb and is presumably able to cope with high transaction rates. The
question is, can it be done using Samba code?

Dave
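
Added example, not part of the original post and not Samba or IIS code: a toy model of the pass-through flow described above, in which the member server issues the challenge and forwards the client's response to the domain controller for checking. All class and function names are hypothetical, and SHA-256/HMAC-SHA-256 stand in for the real NT hash and NTLM response computation.

```python
import hashlib, hmac, os

def nt_key(password):
    # Stand-in for the NT hash (real NTLM derives it with MD4, which many
    # hashlib builds no longer provide).
    return hashlib.sha256(password.encode("utf-16-le")).digest()[:16]

def response(key, challenge):
    # Stand-in for the NTLM response: a keyed MAC over the server challenge.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class DomainController:
    """Holds the account database; the only party that knows user keys."""
    def __init__(self, accounts):
        self._keys = {u: nt_key(p) for u, p in accounts.items()}
        self.logons = 0  # one increment per pass-through request

    def sam_logon(self, user, challenge, resp):
        # Plays the role of the NetrLogonSamLogon call seen in the trace.
        self.logons += 1
        key = self._keys.get(user)
        return key is not None and hmac.compare_digest(
            response(key, challenge), resp)

class MemberServer:
    """Web or POP3 server: issues challenges, stores no password material."""
    def __init__(self, dc):
        self.dc = dc
        self._pending = {}

    def new_challenge(self, conn_id):
        self._pending[conn_id] = os.urandom(8)
        return self._pending[conn_id]

    def authenticate(self, conn_id, user, resp):
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed on the same connection.
        challenge = self._pending.pop(conn_id, None)
        if challenge is None:
            return False
        return self.dc.sam_logon(user, challenge, resp)

def client_login(server, conn_id, user, password):
    # Client side: answer the server's challenge with the keyed response.
    challenge = server.new_challenge(conn_id)
    return server.authenticate(conn_id, user,
                               response(nt_key(password), challenge))
```

The `logons` counter makes the load question concrete: each client authentication costs exactly one request to the domain controller, and a replayed response is rejected at the member server without reaching it.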



