Andrew Bartlett abartlet at samba.org
Tue Oct 18 16:03:50 MDT 2011

On Tue, 2011-10-18 at 18:14 +1100, Andrew Bartlett wrote:
> Metze,
> I just wanted to update you and the list about my progress.
> On Wed, 2011-10-12 at 10:49 +1100, Andrew Bartlett wrote:
> > The next steps I see are:
> >  - to merge the NTLMSSP client code into a gensec module, adding in the
> > winbind hook for cached credentials
> I have not done this yet, as it turned out to be easier not to combine
> the code quite yet.  I'll get to this soon.
> >  - to create a common ntlmssp client gensec module
> Instead, I created another ntlmssp module, using the same mechanism as
> used in the s3 server.
> >  - to use the common ntlmssp gensec module via the auth_ntlmssp wrapper
> > (ie implementing all the calls in terms of gensec)
> Now the auth_ntlmssp wrapper only wraps gensec, rather than either
> gensec or ntlmssp.

Thanks for the ack on this, this is now in the tree.

> >  - Investigate providing the event context as an argument to
> > gensec_start_mech_by*() and gensec_update(), rather than
> > gensec_*_init().
> This is now done, thank-you for the positive review!
> >  - to unwrap the auth_ntlmssp wrapper (ie, have the callers, client and
> > then server call gensec directly)
> This looks quite trivial to finish at this point, and I think is the key
> feature you need.  

I've finished the first half of this, and updated the branch.  

The next step is to only keep the struct gensec_security around long
term (as we only ever use that member after auth_ntlmssp_client_start())

Thanks for all your patience and review on this.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list