[PATCH] remove ntlm_auth4

Andrew Bartlett abartlet at samba.org
Thu Nov 24 17:40:58 UTC 2016

On Thu, 2016-11-24 at 15:40 +0100, Volker Lendecke wrote:
> Hi!
> Does anybody use this? The main feature it has over ntlm_auth3 is the
> multiplex traffic. But I am not sure this really works and if there
> are any users for it.
> Review appreciated!
> Thanks, Volker

For the record, the primary structural difference that I can tell is

 -  ntlm_auth uses the gensec_gse GSSAPI module and backs against
winbind via a set of auth methods that wrap the winbind pipe
 -  ntlm_auth4 uses gensec_gssapi, and talks to winbindd via the
"winbind" auth4 module

gensec_gse and gensec_gssapi need to merge, but the differences are not
big enough to warrant the additional binary. 

That we have merged the underlying code so much that these have become
essentially identical and needlessly duplicate is a great thing!  

I remember when the ntlm_auth code had direct calls to a SPNEGO parser
and krb5 routines, as well as the direct calls to the NTLMSSP lib
(because it pre-dated gensec)!  

I wrote ntlm_auth4 to show how it could correctly use the new
abstractions.  Now that the production tool does that, it doesn't need
to stay around. 

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list