NTLMSSP and GENSEC
abartlet at samba.org
Tue Oct 18 01:14:41 MDT 2011
I just wanted to update you and the list about my progress.
On Wed, 2011-10-12 at 10:49 +1100, Andrew Bartlett wrote:
> The next steps I see are:
> - to merge the NTLMSSP client code into a gensec module, adding in the
> winbind hook for cached credentials
I have not done this yet, as it turned out to be easier not to combine
the code quite yet. I'll get to this soon.
> - to create a common ntlmssp client gensec module
Instead, I created another ntlmssp module, using the same mechanism as
used in the s3 server.
> - to use the common ntlmssp gensec module via the auth_ntlmssp wrapper
> (ie implementing all the calls in terms of gensec)
Now the auth_ntlmssp wrapper only wraps gensec, rather than either
gensec or ntlmssp.
> - Investigate providing the event context as an argument to
> gensec_start_mech_by*() and gensec_update(), rather than
This is now done, thank-you for the positive review!
> - to unwrap the auth_ntlmssp wrapper (ie, have the callers, client and
> then server call gensec directly)
This looks quite trivial to finish at this point, and I think is the key
feature you need.
> This will then get us to a state where the source3/libsmb/smb_seal.c smb
> encryption routine simply operates on a struct gensec_security, and can
> be the core of a common client library.
> Naturally, I'll post any changes to the s3 code to the list for review
> and keep you updated as I move these ideas into actual working code.
The updated patches are at
Thanks for all your help getting this into the tree!
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical