Client for Samba networks
Jeremy Allison
jra at samba.org
Tue Dec 18 08:34:04 GMT 2001
On Tue, Dec 18, 2001 at 09:40:41AM -0600, Steven French wrote:
> On the recently discussed of creating Windows client filesystem drivers
> (IFSs) for important network filesystems - I wish it were more practical
> because it would help. But if the interface were not hard enough to write
> to then the practical requirement for using the expensive IFS kit would
> make it even worse. Perhaps it is worth considering a smaller goal - an
> open replacement for the logon and "network neighborhood" function on NT -
> while leaving the rest (the IFS driver) in place. Getting an open network
> provider DLL and/or GINA (logon module) for CIFS on Windows 2000/XP would
> be a big help but also tricky to write (IBM's old SMB GINA for Windows
> NT/2000 would not be a good starting point to use for this purpose
> unfortunately). A skeletal network provider DLL can be pretty small and
> might be the easiest place to start - but who knows what has changed in XP
> (we know the GINA interface changed slightly for XP because it broke our
> IBM SMB logon one).
Trouble is, the GINA interface is the wrong layer. I wrote a Kerberos 5
GINA for Cygnus kerb5, but it wasn't totally useful as the network and
batch logons completely bypass it.
It's not possible with any published Windows interface, as far as I
know, to *completely* replace the authentication functions on a Windows
client. I'm sure it *is* possible, if you knew the hidden API's involved,
but this is getting to Microsoft's crown jewels. They simply will *not*
release these interfaces. Even, it seems, under pressure from the US
government .... -).
Jeremy.
More information about the samba-technical
mailing list