NTLMSSP and GENSEC
abartlet at samba.org
Tue Oct 18 16:03:50 MDT 2011
On Tue, 2011-10-18 at 18:14 +1100, Andrew Bartlett wrote:
> I just wanted to update you and the list about my progress.
> On Wed, 2011-10-12 at 10:49 +1100, Andrew Bartlett wrote:
> > The next steps I see are:
> > - to merge the NTLMSSP client code into a gensec module, adding in the
> > winbind hook for cached credentials
> I have not done this yet, as it turned out to be easier not to combine
> the code quite yet. I'll get to this soon.
> > - to create a common ntlmssp client gensec module
> Instead, I created another ntlmssp module, using the same mechanism as
> used in the s3 server.
> > - to use the common ntlmssp gensec module via the auth_ntlmssp wrapper
> > (ie implementing all the calls in terms of gensec)
> Now the auth_ntlmssp wrapper only wraps gensec, rather than either
> gensec or ntlmssp.
Thanks for the ack on this, this is now in the tree.
> > - Investigate providing the event context as an argument to
> > gensec_start_mech_by*() and gensec_update(), rather than
> > gensec_*_init().
> This is now done, thank you for the positive review!
> > - to unwrap the auth_ntlmssp wrapper (ie, have the callers, client and
> > then server call gensec directly)
> This looks quite trivial to finish at this point, and I think is the key
> feature you need.
I've finished the first half of this, and updated the branch.
The next step is to only keep the struct gensec_security around long
term (as we only ever use that member after auth_ntlmssp_client_start()).
Thanks for all your patience and review on this.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org