[PATCH] Samba4 SPNEGO support in the server

Andrew Bartlett abartlet at samba.org
Mon Aug 16 04:18:34 GMT 2004

On Wed, 2004-08-11 at 17:34, Andrew Bartlett wrote:
> This patch gets SPNEGO support back up to scratch.
> Just tested with Samba4/Samba4, and not supporting the fun game that is
> SMB signing, this patch should allow us to support NTLMSSP, and in
> future kerberos in the Samba4 codebase.
> (Naturally, Samba3 already does all this, but it's uuggly....)

For those not drinking from the samba-cvs firehose, a few updates on
this work.

Firstly, I should have thanked metze for the massive amount of effort he
has put into making this work - the patch I posted was actually the
patch he sent to me!  (I had intended to post my updated version...).

Added to metze's patch was the changes to our SPENGO code, to handle
server-side SPENGO (this was incomplete), and to rework our SMB signing
engine to handle the particular oddities that is the SPNEGO
authentication case.

metze has also been working on server-side kerberos support, including
PAC parsing, and if Samba4 is compiled
--with-static-modules=gensec_krb5, this can be seen in action!

This brings Samba4 almost to a complete implementation of the Samba3
level of authentication infrastructure, with the flexibility to go far

Andrew Bartlett

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040816/43ac53bb/attachment.bin

More information about the samba-technical mailing list