the unused auth_samba4 check_ntlm_security

Andrew Bartlett abartlet at
Fri Jul 13 02:45:02 MDT 2012

On Fri, 2012-07-13 at 10:35 +0200, Volker Lendecke wrote:
> On Fri, Jul 13, 2012 at 10:05:03AM +0200, Andrew Bartlett wrote:
> > +/* 
> > + * This hook is currently unused, as all NTLM logins go via the hooks
> > + * provided by make_auth4_context_s4() below.
> > + *
> > + * This is only left in case we find a way that it might become useful
> > + * in future.  Importantly, this routine returns the information
> > + * needed for a NETLOGON SamLogon, not what is needed to establish a
> > + * session.
> > + */
> What is the fudamental difference between this code and
> pdb_ads/auth_netlogon? Those needed to go because they were
> unused, but this can stay?
> Please explain.

Honestly, there isn't much difference, and I considered outright
removing this particular chunk when I did the other work.  Today I just
felt as folks were looking over the different modules, I would try and
reduce the confusion by at least documenting this fact. 

But you are totally correct, and with the bypass via the auth4_context,
this code is unused, and as we don't have unit tests over auth modules,
it is untested.  I also don't have any concrete ideas for a future use
case.  It is entirely reasonable to request it be removed.  

I'll do that tomorrow unless others feel a particular reason we should
keep this.


Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list