[PATCH] Generalise auth_ntlmssp in s3
abartlet at samba.org
Thu Dec 22 04:21:39 MST 2011
This patch series generalises the auth_ntlmssp code into a more generic
infrastructure, with the aim to have GSSAPI handled via GENSEC in the
smb sealing, rpc server and eventually session setup code.
The patches so far are just the start, but take a very measured, one
small change at a time approach without intentional behaviour change,
and are at:
Handling GSSAPI via GENSEC is important in order to finish the s3/s4
integration efforts, so that the spoolss server is available with GSSAPI
authentication in such a combined DC build.
To achieve that, I will first wish to build a gensec wrapper for the
'gse' layer currently in use. Once this works, the existing hooks will
simply redirect to the s4 gensec modules when in the AD server mode as
they already do for NTLMSSP.
This will also simplify the smb sealing code (which will then only deal
with gensec), and in the longer term allow us to use real GSSAPI for
session setup handling (rather than the current fake GSSAPI).
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical