[PATCH] using gensec_ntlmssp in s3
Andrew Bartlett
abartlet at samba.org
Sat Feb 4 03:03:15 MST 2012
On Tue, 2012-01-31 at 21:43 +1100, Andrew Bartlett wrote:
> I've prepared a series of patches to merge the gensec_ntlmssp
> server-side modules:
>
> http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-merge-ntlmssp
>
> There is still work to do, to remove the remaining calls directly to the
> ntlmssp server code (in ntlm_auth), but at least some of this
> duplication has been reduced, and we are one step closer to a common
> authentication stack.
I've continued this branch, building on top of of the changes to have a
common NTLMSSP server, and to have a common interface for all NTLM
authentication. We talked about doing this with gensec, but encountered
the difficultly of handling old-style NTLM logins and security=server
(with the challenge reuse). So, instead I simply expose exactly the
layer under gensec_ntlmssp, returning only the auth_session_info, and
not the confusing auth_serversupplied_info to the caller.
Once the security=share proposal (on which this branch is also based) is
resolved one way or the other, I would like to see this branch merged to
master.
This is the last set of changes required to get consistent NTLM
authentication and authorization across all possible CIFS entry-points.
That is, it ensures that a login on raw NTLM and the same login on
NTLMSSP returns identical groups and privileges in both CIFS servers.
http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-merge-ntlmssp-nosecshare
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list