Using Samba for HTTP-NTLM-authentication?
abartlet at samba.org
Sat Jul 13 02:32:01 GMT 2002
Johann Hanne wrote:
> > Basically there are hooks in winbindd (through the AUTH_CRAP command) to
> > authenticate using a challenge and nt/lm responses.
> Wow. Thanks for that hint. I have patched rh73's samba-2.2.3a to include
> the winbind crap stuff and now have a wbinfo -a with both plaintext
> password authentication and challenge/response password authentication
> I already had a look at wbinfo.c and it seems trivial to me to modify
> wbinfo_auth_crap() so that it works in an apache module. I'll try to
> rewrite it so we don't run into another GPL violation. Expect results
> early next week.
No need for that. Just download the mod_ntlm_winbind CVS module from
samba.org (CVSWEB link:
http://cvs.samba.org/cgi-bin/cvsweb/mod_ntlm_winbind/ ) and fix it up
for the current protocol.
If you are just doing plaintext (that is, the client at the far end
sends you a plaintext password, not a NTLMSSP challange-response
password) then just use pam_winbind the mod_auth_pam. That will allow
you use a much more stable interface, as we do change the winbind pipe
from time to time.
I think that kinkie actually got the mod_ntlm_winbind update done, but
I'll need to catch up with him on it. (CC'ed).
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical