Getting Wine to do NTLMSSP authentication and what is needed
on the Samba side
Stefan (metze) Metzmacher
metze at samba.org
Mon Jul 3 09:54:20 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Kai Blin schrieb:
> Looking at those requirements and talking to a couple of people in
> #samba-technical, I see a couple of possible solutions and I depend on your
> help for most of them.
> 1) Spin out the minimal functionality GENSEC library and find a method to
> handle server side functionality later. This approach has the downside that I
> will be deleting some of the functionality I currently have in Wine, as
> ntlm_auth can do server side authentication. On the plus side, it seems that
> ntlmssp_server is the part that would be tricky to LGPL, client side seems
> easier. I could also keep the old ntlm_auth code around for server side
> authentication, which would add bloat to the Wine source, though.
> 2) Scratch the current approach using GENSEC and add handling of NTLMSSP blobs
> to winbind. This would possibly go into Samba 3, and thus be part of a
> distribution's Samba package sooner. It would also mean that there is a nice
> IPC border between the GPL and the LGPL code, so no problems there. I would
> need to rewrite that part of Wine yet again, though.
I would vote for a combination of 1) and 2)
I think we should only pass authentification blobs to winbind,
so that ntlmssp_server.c works with a generic backend,
the current one to samba's auth subsystem.
and one that passes the blob's from gensec_update() to winbind
but the sign and seal should be part of the LGPL'ed library,
as asking winbind for each packet for en/decrypting would be bad!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical