NTLMSSP and GENSEC
Andrew Bartlett
abartlet at samba.org
Tue Oct 18 16:03:50 MDT 2011
On Tue, 2011-10-18 at 18:14 +1100, Andrew Bartlett wrote:
> Metze,
>
> I just wanted to update you and the list about my progress.
>
> On Wed, 2011-10-12 at 10:49 +1100, Andrew Bartlett wrote:
>
> > The next steps I see are:
> > - to merge the NTLMSSP client code into a gensec module, adding in the
> > winbind hook for cached credentials
>
> I have not done this yet, as it turned out to be easier not to combine
> the code quite yet. I'll get to this soon.
>
> > - to create a common ntlmssp client gensec module
>
> Instead, I created another ntlmssp module, using the same mechanism as
> used in the s3 server.
>
> > - to use the common ntlmssp gensec module via the auth_ntlmssp wrapper
> > (ie implementing all the calls in terms of gensec)
>
> Now the auth_ntlmssp wrapper only wraps gensec, rather than either
> gensec or ntlmssp.

Thanks for the ack on this, this is now in the tree.

> > - Investigate providing the event context as an argument to
> > gensec_start_mech_by*() and gensec_update(), rather than
> > gensec_*_init().
>
> This is now done, thank you for the positive review!
>
> > - to unwrap the auth_ntlmssp wrapper (ie, have the callers, client and
> > then server call gensec directly)
>
> This looks quite trivial to finish at this point, and I think is the key
> feature you need.

I've finished the first half of this, and updated the branch.

http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-auth-gensec-module-2

The next step is to only keep the struct gensec_security around long
term (as we only ever use that member after auth_ntlmssp_client_start()).

Thanks for all your patience and review on this.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org