[PATCH] remove ntlm_auth4

ronnie sahlberg ronniesahlberg at gmail.com
Fri Nov 25 02:24:36 UTC 2016

Volker, Get rid of it.

Reduce technical debt for features (almost) no one uses.
If there are any users that depend on this they can easily carry an
out-of-tree patch without
burdening samba-team of carrying and maintaining dead code.

On Thu, Nov 24, 2016 at 9:40 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Thu, 2016-11-24 at 15:40 +0100, Volker Lendecke wrote:
>> Hi!
>> Does anybody use this? The main feature it has over ntlm_auth3 is the
>> multiplex traffic. But I am not sure this really works and if there
>> are any users for it.
>> Review appreciated!
>> Thanks, Volker
> For the record, the primary structural difference that I can tell is
> that:
>  -  ntlm_auth uses the gensec_gse GSSAPI module and backs against
> winbind via a set of auth methods that wrap the winbind pipe
>  -  ntlm_auth4 uses gensec_gssapi, and talks to winbindd via the
> "winbind" auth4 module
> gensec_gse and gensec_gssapi need to merge, but the differences are not
> big enough to warrant the additional binary.
> That we have merged the underlying code so much that these have become
> essentially identical and needlessly duplicate is a great thing!
> I remember when the ntlm_auth code had direct calls to a SPNEGO parser
> and krb5 routines, as well as the direct calls to the NTLMSSP lib
> (because it pre-dated gensec)!
> I wrote ntlm_auth4 to show how it could correctly use the new
> abstractions.  Now that the production tool does that, it doesn't need
> to stay around.
> Andrew Bartlett
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list