socket interface to winbindd

Andrew Bartlett abartlet at samba.org
Tue Jun 28 21:47:10 GMT 2005


On Tue, 2005-06-28 at 16:44 +0000, Alexey Toptygin wrote:
> Some followup questions now that I'm actually coding this:
> 
> a) Is it OK to send YR, get TT, and then send YR again? I want several 
> authentications in parallel, so I have a pool of helpers; basically, I 
> want to be sure that it's OK for someone to get a chellange, then realize 
> the HTTP client closed the connection and return the helper to the pool 
> without doing some kind of additional cleanup.

Yes, a YR always resets the helper state.

> b) Is there some alternative helper mode where I don't have to hold on to 
> the helper between getting a challenge and doing the actual 
> authentication? It would be much easier for me if I could just store the 
> challenge and return it together with the client response, potientially to 
> a different helper process. This seemed to be possible with the socket 
> interface, but I was the one generating the challenge in that case...

No, the helpers are stateful.  There is more state than just the
challenge sent, and the current design keeps everything fairly simple.  

There is an experimental mode in Samba4 where we handle more than one
state per ntlm_auth process, with an integer prefix, but that is as much
as we go down this road.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050629/df8a4b1f/attachment.bin


More information about the samba-technical mailing list