Thanks on the SPNEGO stuff
Stefan (metze) Metzmacher
metze at samba.org
Wed Jul 7 05:02:00 GMT 2004
Andrew Bartlett wrote:
> Just a quick note of thanks for your work on the SPNEGO code, the new
> work looks really good!
> (And as much as I enjoy the authentication stuff, I'm happy to have
> somebody else figure out exact bits on the wire ;-)
> The tasks I see in the near future are:
> ordered negTokenInit:
> We need to define some way to say that Kerberos is always first in our
> list of available mechs, etc. Currently this works fine, as NTLMSSP is
> our only option, but we will want to get this right in future.
yep, we need to be able to configure this, like the endpoint servers in
because a gensec backend is implemented, it's not said that we want to
I would prefer to skip the fallback to GSSAPI or raw NTLMSSP first and
just implement a clean SPNEGO gensec backend.
and when we are sure we have it right we can deal with the fallback...
I think the problem why the spnego/ntlmssp over cifs doesn't work is
caused by the diffs between ntlmssp.c in 3.0 and 4.0,
3.0 uses other NTLMSSP nego flags...
> Server negTokenInit:
> We need the server-side negTokenInit, but that should not be hard.
yep, but first we should get the client working
> There have been a lot of changes in the Samba3 Kerberos code, and we
> need to merge these in.
> We need to make this code async, particularly for the server. See the
> NTLMSSP code for how I sort of expected it to be split. GENSEC needs to
> have some way to deal with all this (where we 'return' then the layer
> that 'waited' calls a continuation function).
yep, on linux futexes can create a file descriptor which we can use in the
main event loop in the select()...but that's not portable :-(
> We should hook this into the SASL code in libads, when that becomes live
Stefan Metzmacher <metze at samba.org> www.samba.org