[PATCH] Generalise auth_ntlmssp in s3
Stefan (metze) Metzmacher
metze at samba.org
Thu Dec 22 05:44:50 MST 2011
Hi Andrew,
> This patch series generalises the auth_ntlmssp code into a more generic
> infrastructure, with the aim to have GSSAPI handled via GENSEC in the
> smb sealing, rpc server and eventually session setup code.
>
> The patches so far are just the start, but take a very measured, one
> small change at a time approach without intentional behaviour change,
> and are at:
> http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-rpc-gensec
Thanks! I plan to sign-off and push this too.
> Handling GSSAPI via GENSEC is important in order to finish the s3/s4
> integration efforts, so that the spoolss server is available with GSSAPI
> authentication in such a combined DC build.
>
> To achieve that, I will first wish to build a gensec wrapper for the
> 'gse' layer currently in use. Once this works, the existing hooks will
> simply redirect to the s4 gensec modules when in the AD server mode as
> they already do for NTLMSSP.
>
> This will also simplify the smb sealing code (which will then only deal
> with gensec), and in the longer term allow us to use real GSSAPI for
> session setup handling (rather than the current fake GSSAPI).
It would be really nice if could hide most of the
source3/smbd/sessetup.c spnego code
behind a gensec backend. I think the chunk fragmentation for large krb5
blobs
should be handled inside the module.
I'm currently trying to change the register_*_vuid code from
source3/smbd/password.c
to use a smbXsrv_session structure, which can be used for smb1 and smb2
as a replacement for the current struct smbd_smb2_session.
> Merry Christmas!
:-)
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20111222/58854c36/attachment.pgp>
More information about the samba-technical
mailing list