socket interface to winbindd

Andrew Bartlett abartlet at
Thu Jun 23 22:51:53 GMT 2005

On Thu, 2005-06-23 at 22:46 +0000, Alexey Toptygin wrote:
> On Fri, 24 Jun 2005, Andrew Bartlett wrote:
> >> I have some questions about the WINBINDD_PAM_AUTH_CRAP command, and about
> >> the interface in general:
> >
> > The interface in general may change, and it is strongly suggested that
> > you should use ntlm_auth as the wrapper for that interface, unless you
> > have a very, very good reason not to.
> Well, I'm calling from inside a threaded webserver... I don't think
> it would be very efficient to be calling system(3) all the time.

Look at how squid and mod_ntlm_winbnd in lorikeet svn does this.
ntlm_auth may be kept around as long as you want.  

> > What protocol are you implementing anyway?
> NTLM HTTP Auth, for a server other than apache.

Then you really don't want to re-implement NTLMSSP.  Use ntlm_auth,
that's what it was built for.

Andrew Bartlett

Andrew Bartlett                      
Samba Developer, SuSE Labs, Novell Inc.
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list