Patches for channel and service binding for NTLM (extended protection) - where are they?

Honza Bambas hbambas at
Wed Nov 9 12:00:02 MST 2011

Andrew, thanks for your answer.

Do you have any time estimation on how long it could take to have at 
least an experimental version of the patch(es)?  Just roughly, to be 
able to make plans.

I was thinking of helping with this particular task in Samba, but I'm a 
total newbie to hacking this project and also quit busy on work for 
Mozilla.  But I can at least help with testing and integration to the 
Mozilla platform.

Thank you.

On 11/8/2011 10:36 PM, Andrew Bartlett wrote:
> On Tue, 2011-11-08 at 16:02 +0100, Honza Bambas wrote:
>> Hi, there have recently been submitted patches to ntml_auth introducing
>> support for extended protection.
>> I'm not able to find the patches in either the repo
>> ( or in the original submit post
>> (
>> to apply manually.
>> What is the status/plan on landing/finishing these patches?
> My plan is to unify the two NTLMSSP client libs (they are close, but not
> identical), and then to rework the patches so that they can be landed.
> We also need to ensure that we have a way to communicate these binding
> to winbindd for the cached credentials feature.
> I've been taking a break from intensive Samba development over the past
> little while, and so I've not looked at the patches in great detail.
>> I have finished the work on the Mozilla bug
>> allowing extended
>> protection and SPN binding only on Windows.
>> Now I would like to finish the Linux part of the Mozilla patch
>> ( that is using
>> ntlm_auth and is dependent on the Samba patches mentioned above.
> Thanks, I look forward to working with you on this.  Sadly I cannot
> promise the final form of the patches or the ntlm_auth interface until I
> look at it in more detail, as we have two ntlm_auth implementations at
> the moment (Samba3 and Samba4), and I want to ensure whatever we do
> works well for both, to allow a seamless transition in future.
> Andrew Bartlett

More information about the samba-technical mailing list