libcli/auth mid-level crypto merge

Andrew Bartlett abartlet at
Tue Apr 14 10:11:08 GMT 2009

I've been working for some time to try and have Samba3 use Samba4's
mid-level crypto code (we already share many of the low level routines)

This does not extend as far as GENSEC, but the level between the
primitive crypto ops and the auth subsystem.

As it is, this code should not change any behaviours, and is not very
interesting on it's own, but like all merge work, it makes some other
things easier in future.  For example, I hope to soon implement the AES
schannel, and I would love to do this once, for both Samba3 and Samba4.
I would also really like to see soneone port Samba4's GENSEC into
Samba3, or at least make the NTLMSSP code common again.  

Because I didn't want to have this whole area of work blocked awaiting
an LDB merge, I've prepared two versions, one that also uses common code
in the netlogon server, and one which does not.  

The two branches are libcli-auth-merge-with-netlogond-patch and
libcli-auth-merge-without-netlogond in:


While the 'with-netlogond-patch' branch won't build until ldb is merged,
I'm also currently suffering from apparently unrelated build issues
(failure to build gen_ndr/tables.c).  When I get these resolved I'll
update that branch and begin testing.  

Any assistance, particularly with testing the many different modes our
authentication layer can be used in, will be most gratefully received. 


Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list