ADV190023 | LDAP channel binding support
Andrew Bartlett
abartlet at samba.org
Tue Feb 18 18:01:53 UTC 2020
On Tue, 2020-02-18 at 17:47 +0100, Stefan Metzmacher wrote:
>
> I looked at it a bit, see
>
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=ac8fd11f1d4b9deb48d6c7942af0c83b52d69d7f
>
> I think we need input from dochelp to answer 2 questions:
> 1. which kind of channel bindings are expected/used by windows?
> I assume tls-server-end-point. I guess MS-ADTS would be the place
> to define these details for ldaps.
> 2. how is the ChannelBindingsUnhashed blob constructed for
> NTLMSSP (MS-NLMP)

There was a very, very old patch from Microsoft to ntlm_auth to do this
a long, long time ago for NTLMSSP over HTTPS (to aid Firefox's use of
ntlm_auth). It was at the wrong layer but it will be the same protocol
I presume.

My current inbox doesn't go back that far but finding that might be a
good pointer.

Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba