CVS update: tng/source/passdb

Luke Kenneth Casson Leighton lkcl at
Wed Jan 9 17:12:20 GMT 2002

On Wed, Jan 09, 2002 at 02:56:36PM -0500, Cole, Timothy D. wrote:

> Open-source would fail to provide a viable alternative to Microsoft
> services.  The relatively open infrastructure that permitted open source
> would deteriorate from disuse in corporate environments.
> This is the default.

> Other possibilities:

>  * Somebody (the "Apache" project would be the natural candidate) writes an
> "HTTP multiplexer" which permits "Apache", "OpenMSMail" and other standalone
> applications requiring an HTTP transport for whatever to collaborate in a
> generalist way on the same server.  Again, the main practical roadblock to
> implementing MS-SMTP and other services over HTTP is removed.

 in fact, you are pretty close to the mark: more than you realise!

 the reason is that microsoft has added to the list of dce/rpc
 transports that they support - get this: ncacn_http!


 so yes, absolutely, writing a _is_ on the
 TODO list, and it's exactly the same principles.

 do some HTTP headers (including AUTH headers), and then
 once you've authenticated and passed the auth info over
 some communication mechanism to the freedce security
 subsystem, proxy any data transfers occuring
 on port 80 _straight_ over to the freedce subsystem
 for _it_ to deal with.

 the exact same thing needs to happen in samba on ports
 445 and 139, except on the IPC$ "named pipes".

 martin [pool], i didn't mention this before, but this is a good

 as the above ncacn_http example demonstrates, and also the
 ncacn_np example, the involvement by apache [in ncacn_http]
 and the involvement by samba [in ncacn_np] in actual dce/rpc
 packets is NIL!  nothing!  zip!

 you don't even have to parse them, you just act as a proxy.


p.s. the reason that ms added ncacn_http is because well
"*duur* the web _is_ the internet, right????"


More information about the samba-technical mailing list