Samba4: ntlm_auth questions
abartlet at samba.org
Tue Mar 28 22:31:51 GMT 2006
On Tue, 2006-03-28 at 16:52 +0200, Kai Blin wrote:
> Hi folks,
> I'm currently investigating using the samba 4 gensec code to encrypt
> messages using NTLM. It looks like source/auth/ntlmssp/ntlmssp_sign.c
> has some functionality to do this, but this is not exposed by the
> ntlm_auth tool, which I am currently using to provide NTLM
> authentication for wine.
Correct. I've considered possible extensions to this, but they get
> I'm not sure if ntlm_auth is the right place to put that functionality,
> but Andrew Bartlett said that he would like to keep GENSEC internals
> internal, so I guess spinning this out of the current code into an extra
> lib is not an option.
Actually, on the contrary: Jelmer's recent work on the build system has
spun GENSEC out into a separate library, with installed headers and the
full ball of wax...
Now, it's GPL licenced for now, but my policy on re-licencing still
applies: To the extent that I own the copyright, if another free
software project needs the code, and the last and only barrier is the
licence, I will seriously consider an LGPL licence.
The problem is the code I don't own, and GENSEC currently has tentacles
into plenty of other parts of Samba's code.
I'm not sure how stable the GENSEC interface is: But I've not changed
too many of the primitive operations recently. We also need to look at
> Maybe we could create a separate tool for things
> like this.
I don't really like that idea. I would consider adding 'encrypt' and
'decrypt' commands to ntlm_auth, or allowing the session keys to be
extracted. (We could then just have the sign/seal code duplicated).
But I think the library idea has merit. Perhaps give it a whirl (as a
proof of concept), and see how it goes?
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net