[PATCH] remove ntlm_auth4
Volker Lendecke
vl at samba.org
Thu Nov 24 18:38:38 UTC 2016
On Fri, Nov 25, 2016 at 06:40:58AM +1300, Andrew Bartlett wrote:
> On Thu, 2016-11-24 at 15:40 +0100, Volker Lendecke wrote:
> > Hi!
> >
> > Does anybody use this? The main feature it has over ntlm_auth3 is the
> > multiplex traffic. But I am not sure this really works and if there
> > are any users for it.
> >
> > Review appreciated!
> >
> > Thanks, Volker
>
> For the record, the primary structural difference that I can tell is
> that:
>
> - ntlm_auth uses the gensec_gse GSSAPI module and backs against
> winbind via a set of auth methods that wrap the winbind pipe
> - ntlm_auth4 uses gensec_gssapi, and talks to winbindd via the
> "winbind" auth4 module
>
> gensec_gse and gensec_gssapi need to merge, but the differences are not
> big enough to warrant the additional binary.
>
> That we have merged the underlying code so much that these have become
> essentially identical and needlessly duplicate is a great thing!
>
> I remember when the ntlm_auth code had direct calls to a SPNEGO parser
> and krb5 routines, as well as the direct calls to the NTLMSSP lib
> (because it pre-dated gensec)!
>
> I wrote ntlm_auth4 to show how it could correctly use the new
> abstractions. Now that the production tool does that, it doesn't need
> to stay around.
Ok, if the way ntlm_auth works is set in stone I formally request to
drop my patch and keep both around. I'll start looking around for
alternatives.
Volker
More information about the samba-technical
mailing list