Auth types for Samba4 SWAT

Andrew Bartlett abartlet at
Sat May 28 21:27:58 GMT 2005


While I agree that nice HTTP forms look prettier than HTTP
authentication, particularly for the basic case, I'm concerned about
your IRC comments (hi jra ;-) that HTTP authentication doesn't matter,
because of our self-signed SSL certificate.

While I think that such support should be optional, we should allow both
NTLM and 'Negotiate' (GSS-SPNEGO) authentication for the webserver,
possibly via a different URL prefix, or other 'marker'.  

These authentication types can be (when a user logs in from a member of
the domain, or has the appropriate kerberos credentials) entirely
transparent.  If we allow these, there need be no extra 'authentication
step' over what Microsoft offers with their administration tools, and we
avoid a clear-text password, no matter what the channel security (or

Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list