the unused auth_samba4 check_ntlm_security
Andrew Bartlett
abartlet at samba.org
Fri Jul 13 02:45:02 MDT 2012
On Fri, 2012-07-13 at 10:35 +0200, Volker Lendecke wrote:
> On Fri, Jul 13, 2012 at 10:05:03AM +0200, Andrew Bartlett wrote:
> > +/*
> > + * This hook is currently unused, as all NTLM logins go via the hooks
> > + * provided by make_auth4_context_s4() below.
> > + *
> > + * This is only left in case we find a way that it might become useful
> > + * in future. Importantly, this routine returns the information
> > + * needed for a NETLOGON SamLogon, not what is needed to establish a
> > + * session.
> > + */
>
> What is the fudamental difference between this code and
> pdb_ads/auth_netlogon? Those needed to go because they were
> unused, but this can stay?
>
> Please explain.
Honestly, there isn't much difference, and I considered outright
removing this particular chunk when I did the other work. Today I just
felt as folks were looking over the different modules, I would try and
reduce the confusion by at least documenting this fact.
But you are totally correct, and with the bypass via the auth4_context,
this code is unused, and as we don't have unit tests over auth modules,
it is untested. I also don't have any concrete ideas for a future use
case. It is entirely reasonable to request it be removed.
I'll do that tomorrow unless others feel a particular reason we should
keep this.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list