Pass-through Authentication

Gerald Carter gcarter at valinux.com
Fri Dec 8 13:40:59 GMT 2000


Dave,

You should read the winbind paper linked off the from page of the samba
web site.



Cheers, jerry

DaveP wrote:
> 
> Is pass-through authentication part of any current or future Samba
> release?
> 
> We use software derived from pam_smb and pam_ntdom extensively to
> authenticate users of Unix systems from an NT domain, and I'd like to
> extend this to Apache and POP3 mail using ntlm authentication. The
> problem is the sheer number of authentications needed - I suspect that
> domain logon is a heavyweight operation and may not be able to cope.
> 
> Sniffing at an IIS server running on a non-domain-controller server
> communicating with an Internet Explorer client, IIS carries out the
> challenge/response handshake with the client, then opens an RPC
> connection to a domain controller and calls NetrLogonSamLogon. Data is
> exchanged and the IIS server then returns the requested page to the
> client (or not). This seems to be a simpler protocol than used by
> pam_smb and is persumably able to cope with high transaction rates. The
> question is, can it be done using Samba code?
> 
> Dave

-- 
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )






More information about the samba-ntdom mailing list