Plans for integrating vfs proxy and security=server

Andrew Bartlett abartlet at
Tue May 6 22:49:59 GMT 2008

On Tue, 2008-05-06 at 11:20 +0100, Amin Azez wrote:
> * Andrew Bartlett wrote, On 05/05/08 22:53:
> > On Mon, 2008-05-05 at 18:13 +0200, Jelmer Vernooij wrote:
> >> Am Montag, den 05.05.2008, 13:46 +1000 schrieb Andrew Bartlett:
> >>> I've committed the security=server implementation into Samba4, but not
> >>> any tests as yet.  I'm hoping that once we merge the vfs proxy backend
> >>> (the CIFS Accelerator from Sam) into Samba4, that the testsuite we use
> >>> there can cover the auth_server code too.
> >>>
> >>> How does that sound?
> >> That makes a lot of sense. I guess just running smbclient with domain
> >> creds against a standalone smbd configured to use auth_server should be
> >> sufficient?
> > 
> > Yeah.  I figure we will have the proxy in 'make test' configured to
> > accept either kerberos with domain credentials, or NTLM with the
> > pass-though. We can do most of the tests with kerberos, and add quick
> > smbclient invocation with NTLM to check that codepath. 
> Aye; and also a double-proxy test.
> I'm just fixing some rpm build errors and then hope to integrate the
> pass-through and add the proxy test.

BTW, following a recent fedora-devel discussion, it seems to be strongly
advised not to run in an RPM spec file.  This should fix some
of the complexity you needed trying to preserve GIT versions etc. 

> Sam

BTW, you should pick one identity or the other ;-)

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list