Pass-through Authentication
Gerald Carter
gcarter at valinux.com
Fri Dec 8 13:40:59 GMT 2000
Dave,
You should read the winbind paper linked off the from page of the samba
web site.
Cheers, jerry
DaveP wrote:
>
> Is pass-through authentication part of any current or future Samba
> release?
>
> We use software derived from pam_smb and pam_ntdom extensively to
> authenticate users of Unix systems from an NT domain, and I'd like to
> extend this to Apache and POP3 mail using ntlm authentication. The
> problem is the sheer number of authentications needed - I suspect that
> domain logon is a heavyweight operation and may not be able to cope.
>
> Sniffing at an IIS server running on a non-domain-controller server
> communicating with an Internet Explorer client, IIS carries out the
> challenge/response handshake with the client, then opens an RPC
> connection to a domain controller and calls NetrLogonSamLogon. Data is
> exchanged and the IIS server then returns the requested page to the
> client (or not). This seems to be a simpler protocol than used by
> pam_smb and is persumably able to cope with high transaction rates. The
> question is, can it be done using Samba code?
>
> Dave
--
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
http://www.samba.org/ SAMBA Team jerry at samba.org
http://www.plainjoe.org/ jerry at plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-ntdom
mailing list