[PATCH] remove ntlm_auth4

Matthew Newton mcn4 at leicester.ac.uk
Fri Nov 25 17:47:32 UTC 2016

On Fri, Nov 25, 2016 at 12:33:39PM -0500, Simo wrote:
> On Fri, 2016-11-25 at 15:35 +0100, Volker Lendecke wrote:
> > Ok, sure, I'm fine with the removal. But for further
> > development I'll take a look at extending wbinfo with the
> > squid helper protocols. I see it as not a good idea to link in
> > gensec and everything else into such a tool that is called
> > from squid. wbinfo is designed to be slim, ntlm_auth is the
> > kitchen-sink do everything test-tool that can cover all
> > authentication corner cases and error injects. We need a
> > separate tool that is of lighter weight.
> My humble proposal would be to stop developing custom tools for
> squid and friends and use published APIs (ie gssapi), take a
> look at gss- ntlmssp, if you look at the winbind integration
> code and the commit messages it should be clear how winbindd
> interfaces are inadequate and should be changed. If not I can
> definitely write up something.

FWIW I've been really happy with the way I've been able to get
FreeRADIUS to talk directly to winbindd with libwbclient - that's
been so much nicer than having to exec ntlm_auth.

So... thanks guys :)

Maybe the squid people could look at using wbclient as well? Even
if not, it's a very small C program that would take the right
arguments and call the appropriate wbclient function, and doesn't
need to be a part of Samba.



Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the samba-technical mailing list