[SAMBA4] When to fallback to NTLMSSP?
Andrew Bartlett
abartlet at samba.org
Mon Oct 31 10:41:53 GMT 2005
On Mon, 2005-10-31 at 09:36 +0100, Volker Lendecke wrote:
> On Mon, Oct 31, 2005 at 08:47:44AM +1100, Andrew Bartlett wrote:
> > I've been thinking about this, and I think the right way to handle this
> > is to only directly fail on a positive 'wrong password' to the KDC.
>
> Not sure what windows does, but this sounds right.
Windows is a bit different, because it only uses kerberos from the logon
session, as far as I know. This nicely avoids the most error prone
parts: Getting the tickets, and just falls back if that fails. Hence
why so many networks still run NTLM :-)
When prompted for a username/password, I think they just use NTLMSSP
alone.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051031/c173e57b/attachment.bin
More information about the samba-technical
mailing list