Learn more about these different git repos.
Other Git URLs
We want gss-ntlmssp to be a complete drop-in replacement for Samba's horrible /usr/bin/ntlm_auth helper tool.
/usr/bin/ntlm_auth
That basically means it needs to work when winbind is the only thing on the system which knows the password (e.g. because I've primed it with wbinfo -K dwoodhou). That's a use case that works today with winbind, and needs to continue working with gss-ntlmssp.
wbinfo -K dwoodhou
There's already a winbindd method which will perform NTLM authentication (which ntlm_auth uses), but it doesn't return the information we need to subsequently generate or verify a MIC. We'd need it to return the signing/sealing keys, or the underlying random session key it generated.
ntlm_auth
We could add a method which makes it do this. I'm assuming that a patch to make it just hand out the password to any client that asks nicely would not stand much chance of being accepted upstream...
There are other ways this can work, perhaps. But it needs to work, without extra PAM modules etc.
I think winbind actually already gives us everything we need. See https://git.samba.org/?p=samba.git;a=commitdiff;h=fe348fdb2862442
Metadata Update from @dwmw2: - Issue assigned to simo
Done long ago, not optimal but mostly working.
Metadata Update from @simo: - Issue close_status updated to: None - Issue priority set to: None (was: 3) - Issue status updated to: Closed (was: Open)
Yeah, now we just need to make it work for SSSD users somehow, too...
Login to comment on this ticket.