Patches for channel and service binding for NTLM (extended protection) - where are they?

Andrew Bartlett abartlet at
Tue Nov 8 14:36:57 MST 2011

On Tue, 2011-11-08 at 16:02 +0100, Honza Bambas wrote:
> Hi, there have recently been submitted patches to ntml_auth introducing 
> support for extended protection.
> I'm not able to find the patches in either the repo 
> ( or in the original submit post 
> ( 
> to apply manually.
> What is the status/plan on landing/finishing these patches?

My plan is to unify the two NTLMSSP client libs (they are close, but not
identical), and then to rework the patches so that they can be landed. 

We also need to ensure that we have a way to communicate these binding
to winbindd for the cached credentials feature. 

I've been taking a break from intensive Samba development over the past
little while, and so I've not looked at the patches in great detail.

> I have finished the work on the Mozilla bug 
> allowing extended 
> protection and SPN binding only on Windows.
> Now I would like to finish the Linux part of the Mozilla patch 
> ( that is using 
> ntlm_auth and is dependent on the Samba patches mentioned above.

Thanks, I look forward to working with you on this.  Sadly I cannot
promise the final form of the patches or the ntlm_auth interface until I
look at it in more detail, as we have two ntlm_auth implementations at
the moment (Samba3 and Samba4), and I want to ensure whatever we do
works well for both, to allow a seamless transition in future.

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list