NTLMSSP and GENSEC
Volker.Lendecke at SerNet.DE
Wed Oct 12 11:03:57 MDT 2011
On Wed, Oct 12, 2011 at 10:49:45AM +1100, Andrew Bartlett wrote:
> At SDC I showed you my work to have the auth_ntlmssp code in
> source3/auth implement a gensec module, to allow gensec functions to be
> called, via the auth_ntlmssp wrapper.
> I've got this patch set almost working, but wanted to point you at it in
> case it assists your work. I'll continue to determine the remaining
> test failures in the meantime. (The perl/autogen.sh issue I mention in
> the other thread also remains to be dealt with).
> I also wanted to give you a heads-up as to my plans from here, to move
> this from 'an interesting technical change' to a crucial part of the
> work we were discussing to create a common client library, and a common
> client/server smb encryption routine.
> The next steps I see are:
> - to merge the NTLMSSP client code into a gensec module, adding in the
> winbind hook for cached credentials
> - to create a common ntlmssp client gensec module
> - to use the common ntlmssp gensec module via the auth_ntlmssp wrapper
> (ie implementing all the calls in terms of gensec)
> - Investigate providing the event context as an argument to
> gensec_start_mech_by*() and gensec_update(), rather than
You might want to take a look at what metze did for the
cldap subsystem, in particular af24591a20c7412 and
b787b6e1bd70f907 are what I want to see for gensec before it
goes deeper into s3 code. This makes it a LOT less prone to
accidential nested event loops.
With best regards,
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
More information about the samba-technical