[SAMBA4] When to fallback to NTLMSSP?

Andrew Bartlett abartlet at samba.org
Mon Oct 31 10:41:53 GMT 2005

On Mon, 2005-10-31 at 09:36 +0100, Volker Lendecke wrote:
> On Mon, Oct 31, 2005 at 08:47:44AM +1100, Andrew Bartlett wrote:
> > I've been thinking about this, and I think the right way to handle this
> > is to only directly fail on a positive 'wrong password' to the KDC.
> Not sure what windows does, but this sounds right.

Windows is a bit different, because it only uses kerberos from the logon
session, as far as I know.  This nicely avoids the most error prone
parts:  Getting the tickets, and just falls back if that fails.  Hence
why so many networks still run NTLM :-)

When prompted for a username/password, I think they just use NTLMSSP

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051031/c173e57b/attachment.bin

More information about the samba-technical mailing list