[PATCH] remove ntlm_auth4
Andrew Bartlett
abartlet at samba.org
Thu Nov 24 17:40:58 UTC 2016
On Thu, 2016-11-24 at 15:40 +0100, Volker Lendecke wrote:
> Hi!
>
> Does anybody use this? The main feature it has over ntlm_auth3 is the
> multiplex traffic. But I am not sure this really works and if there
> are any users for it.
>
> Review appreciated!
>
> Thanks, Volker
For the record, the primary structural difference that I can tell is
that:
- ntlm_auth uses the gensec_gse GSSAPI module and backs against
winbind via a set of auth methods that wrap the winbind pipe
- ntlm_auth4 uses gensec_gssapi, and talks to winbindd via the
"winbind" auth4 module
gensec_gse and gensec_gssapi need to merge, but the differences are not
big enough to warrant the additional binary.
That we have merged the underlying code so much that these have become
essentially identical and needlessly duplicate is a great thing!
I remember when the ntlm_auth code had direct calls to a SPNEGO parser
and krb5 routines, as well as the direct calls to the NTLMSSP lib
(because it pre-dated gensec)!
I wrote ntlm_auth4 to show how it could correctly use the new
abstractions. Now that the production tool does that, it doesn't need
to stay around.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list