Using Samba for HTTP-NTLM-authentication?
Johann Hanne
jonny at 1409.org
Fri Jul 12 10:55:28 GMT 2002
Hi folks,
Short version:
--------------
Can anybody tell me if there are hooks in Samba that make it possible
to use it in conjunction with an apache module for HTTP-based
NTLM-authentication?
Long version:
-------------
Internet Explorer can authenticate against a Web-Server using the
so-called NTLM-authentication (see
http://www.innovation.ch/java/ntlm.html). Despite the fact that the method
is braindead, it is extremely useful for Intranets and seems to be
reliable.
The whole thing is based on the authentication used by any SMB client that
connects to a SMB server:
- The client connects to the server
- The server generates and sends some random bytes (challenge)
- The client sends a hash generated from password and challenge
What I need are hooks to:
- Connect to the SMB-Server
- Intercept the random bytes
- Send the hash
The point is that a function that just checks a combination of
username+cleartext-password is not enough, as I don't have a
cleartext-password.
A thing that would be even more interesting is if there is a way to do the
authentication as a domain member, i.e. not by doing
try-and-error-connects but by using the appropriate protocol.
I know there is already an apache module called "mod_ntlm" at sourceforge
(and some extended versions). However, it is very unstable (apache
processes segfault quite often) and it uses SMB code "Copyright (C)
Richard Sharpe 1996". I'd really love to use some current code for it!
I've already found the function domain_client_validate() in
domain_client_validate.c. However, this file seems to unused currently as
it isn't compiled by the makefile and i wasn't able to compile it manually
due to undefined symbols and conflicts with another function with the same
name.
This one is defined in smbd/password.c and is probably used in smbd. Is it
possible to use the function without the smbd environment?
Any comments?
Cheers, Jonny <jonny at 1409.org>
More information about the samba-technical
mailing list