ntlm_auth question
Henrik Nordstrom
henrik at henriknordstrom.net
Wed Aug 19 05:18:02 MDT 2009
On Wed 2009-08-12 at 00:24 -0700, Mohan Narayanaswamy wrote:
> Is this still undocumented? Is there better documentation for this
> gss-spnego helper protocol?

The spnego protocol used by Squid is as follows, should be the same as
Samba but not 100% sure..

Initial requests to ntlm_auth:

  YR base64blob

Additional requests in the same auth session use

  KK base64blob

No "done/aborted" request message is used, instead it's assumed the
authentication state is implicitly reset by ntlm_auth on the next YR
request.

Responses expected from the helper:

Intermediary negotiate/challenge response which needs to be sent to the
requesting client

  TT base64blob [any extra info is discarded]

Authentication successful

  AF base64blob username

Authentication unsuccessful. The reason message is optional and
continues to the end of the line if given

  NA base64blob reasonmessage

Error conditions where authentication can not continue

  BH errormessage

The base64blobs are Microsoft SPNEGO packets in base64 encoding.

Regards
Henrik
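
Added example, not part of the original message and not Squid or Samba code: a strict, fail-closed parser for the helper lines described above, written from the caller's side. The names build_request, parse_reply and HelperReply are hypothetical, the sample tokens are constructed, and reading the rest of an AF line as the username is an assumption; any line that does not match the grammar in the message is rejected rather than guessed at.

```python
import base64
import binascii
from dataclasses import dataclass
from typing import Optional


def build_request(blob: bytes, first: bool) -> str:
    """YR opens a session (the helper resets its state); KK continues it."""
    code = "YR" if first else "KK"
    return f"{code} {base64.b64encode(blob).decode('ascii')}\n"


@dataclass
class HelperReply:
    code: str              # TT, AF, NA or BH
    blob: Optional[bytes]  # decoded SPNEGO packet; None for BH
    detail: str            # username (AF), reason (NA), error (BH), "" for TT

    @property
    def authenticated(self) -> bool:
        # Only an explicit AF counts as success; everything else denies.
        return self.code == "AF"


def parse_reply(line: str) -> HelperReply:
    code, _, rest = line.rstrip("\r\n").partition(" ")
    if code == "BH":
        return HelperReply("BH", None, rest)
    if code not in ("TT", "AF", "NA"):
        raise ValueError(f"unknown helper response code: {code!r}")
    b64, _, tail = rest.partition(" ")
    try:
        # validate=True rejects characters outside the base64 alphabet
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("helper sent a malformed base64 blob") from exc
    if code == "TT":
        return HelperReply("TT", blob, "")  # any extra info is discarded
    if code == "AF":
        username = tail.strip()  # assumption: rest of the line is the username
        if not username:
            raise ValueError("AF response without a username")
        return HelperReply("AF", blob, username)
    return HelperReply("NA", blob, tail)  # reason is optional, runs to end of line
```
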