[Samba] RE: WANTED: mod_ntlm_winbind developer

Dmitry Andrianov dimas at dataart.com
Thu Sep 8 14:27:48 GMT 2005

if the only thing needed is to port 1.3 version to 2.0 we also can do
The only thing I do not understand completely is: "I have not had the
time or energy to properly maintain (it needs basic
auth added), ". Why basic? To my knowledge (very limited) NTLM auth
never sends passords in plain even if user is asked for login/password
with a popup window. Am I wrong?
Actually, this is why we started playing mod_ntlm_winbindd at all - we
already deployed Kerveros auth and it works fine except for the remote
user visit - in this case since mod_auth_kerb does not see valid ticket,
it falls back to basic auth and consequently receives password in
plaintext. We want to avoid plaintext passwords but we can not use https
everywhere. That is why we wanted to try NTLM instead of Kerberos.
Dmitry Andrianov


From: Marcin Porwit [mailto:mporwit at centeris.com] 
Sent: Wednesday, September 07, 2005 10:51 PM
To: Andrew Bartlett
Cc: Einar Otto Stangvik; samba at samba.org; Dmitry Andrianov; Brian Moran
Subject: RE: WANTED: mod_ntlm_winbind developer


If you haven't yet gotten other victims for this, Brian Moran and I
happily take this. I've done module development for Apache before,
Brian knows NTLM, and we've contributed to Samba before (eventlogs,
control, perf counters, some winbind bugs) and would like to continue to
so. Let us know if this sounds suitable. Thanks...
Marcin Krzysztof Porwit
mporwit at centeris.com

#include <stddisclaimer.h>

-----Original Message-----
From: samba-technical-bounces+mporwit=centeris.com at lists.samba.org on
behalf of Andrew Bartlett
Sent: Wed 9/7/2005 5:15 AM
To: samba-technical at samba.org
Cc: Einar Otto Stangvik; samba at samba.org; Dmitry Andrianov
Subject: WANTED: mod_ntlm_winbind developer

I need some assistance from a talented C programmer, preferably with
some experience in Apache 2.0 module development.

For a while, I have had a version of mod_ntlm_winbind cleaned up to work
with ntlm_auth, and handling both NTLM and Negotiate HTTP authentication
via Samba 3 and Samba4's ntlm_auth utility.

I have not had the time or energy to properly maintain (it needs basic
auth added), promote (it needs a manpage, homepage etc) or port (it
needs to work on Apache 2.0) this module, so I'm looking for help.

The task is actually quite simple, no intimate knowledge of windows
authentication protocols is required, as this is all handled by
ntlm_auth.  (Communication with the utility is over unix pipes, attached
to stdin/stdout of ntlm_auth).

There is example code, both in the existing module, other modules and in
a patch to cyrus-sasl, and I'm quite happy to help out whoever takes
this on.  The existing code (for apache 1.3) can be found here:


There is one example Apache2 module here:

It is a good start, but it needs cleaning up (no NTLMSSP parsing at
all), and it still seems to use global variables (not permitted in the
threaded apache 2).

Andrew Bartlett
Andrew Bartlett
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

More information about the samba mailing list