svn commit: samba r17610 - in branches/SAMBA_3_0/source: . lib
jra at samba.org
Sat Aug 19 19:14:14 GMT 2006
On Sat, Aug 19, 2006 at 06:01:34PM +1000, Andrew Bartlett wrote:
> I'm thinking we don't want winbindd to do this. ntlm_auth should, but
> we can leave winbindd stateless in this respect. Winbindd should not be
> returning a NTLMSSP blob, but instead just the NTLM response, which the
> client library can then inject into the NTLMSSP stream.
I might move towards that.
> This would also allow smbclient to use this, even against older servers
> not doing NTLMSSP. Imagine the cups smbprint using this, and finally
> getting working authenticated smb printing, with NTLM or libsmbclient
> using it for transparent gnome-vfs.
There's a horrid hack we use in SLES10 to make this work already,
but in general I like that idea - much nicer than what we do now.
I will modify the NTLM state in Samba3 to store only the NT and
LM hashes, as there is no crypto in NTLMSSP that needs the plaintext
for anything other than generating an intermediate NT or LM hash
I think. I'm still looking into this. If I'm right it'll make
winbindd less sensitive to storing plaintext passwords.
More information about the samba-technical