[PATCH] s3-ntlm_auth: Fix gss-spnego-client to work with gss-spnego

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Feb 1 16:20:49 MST 2012

On Wed, Feb 01, 2012 at 04:48:32PM -0700, Christof Schmitt wrote:
> With moving the call to ads_verify_ticket i am trying to
> implement an interface to winbind that allows verifying tickets
> from a DC. With the current code i would have tried to have a
> call into winbind that accepts the ticket and returns the data
> from the verification that is currently used in ntlm_auth. The
> idea is that other applications can use the same interface to
> verify tickets through winbind.

*just* looking at ads_verify_ticket is probably too narrow.
You want one layer above that also covers the multi-step
NTLMSSP exchange. Essentially, marshall the gensec_update
interface and everything around that onto the winbind pipe.


More information about the samba-technical mailing list