Using Samba for HTTP-NTLM-authentication?
Andrew Bartlett
abartlet at samba.org
Sat Jul 13 02:32:01 GMT 2002
Johann Hanne wrote:
>
> > Basically there are hooks in winbindd (through the AUTH_CRAP command) to
> > authenticate using a challenge and nt/lm responses.
> Wow. Thanks for that hint. I have patched rh73's samba-2.2.3a to include
> the winbind crap stuff and now have a wbinfo -a with both plaintext
> password authentication and challenge/response password authentication
> working.
>
> I already had a look at wbinfo.c and it seems trivial to me to modify
> wbinfo_auth_crap() so that it works in an apache module. I'll try to
> rewrite it so we don't run into another GPL violation. Expect results
> early next week.
No need for that. Just download the mod_ntlm_winbind CVS module from
samba.org (CVSWEB link:
http://cvs.samba.org/cgi-bin/cvsweb/mod_ntlm_winbind/ ) and fix it up
for the current protocol.
If you are just doing plaintext (that is, the client at the far end
sends you a plaintext password, not a NTLMSSP challange-response
password) then just use pam_winbind the mod_auth_pam. That will allow
you use a much more stable interface, as we do change the winbind pipe
from time to time.
I think that kinkie actually got the mod_ntlm_winbind update done, but
I'll need to catch up with him on it. (CC'ed).
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list