This bug is about solving bug #23679 on Unix platforms. Unlike the solution suggested in bug #159015 it makes use of Samba's winbindd. This daemon provides NTLMSSP services for other (e.g. squid is using it). Since it is probably the best unix implementation of ntlmssp I argue to use it rather than a poor attempt at it (see Andrew Bartlett's comment 134 on bug #23679). The glue code should ideally provide suppotr for multile protocols. Not just http but also pop, imap, nntp, ...
Well, to clear it up, it would not rely on winbindd, but on a 'samba-supplied binary' (or C lib, but given the Samba team's record with library interfaces, we would like to avoid it, also avoids need to relicence code). Also, to clear up 'who is using it', squid is currently using their own NTLMSSP code, but sends the details to Samba's winbindd for verification. We (both the Squid and Samba teams) intend to move it so that the same 'samba supplied binary' handles the whole deal. In any case, the point being made is correct, we need to do this in one place, and one place only. I argue that Samba should host such code, becouse we probably have the best understanding of it. Samba has a client and server that talks NTLMSSP over CIFS/SMB as a core functional requirement. Andrew Bartlett
Status: UNCONFIRMED → NEW
Ever confirmed: true
Target Milestone: --- → Future
I understand that the "ntlm_auth" binary that will be included in Samba v3.0.1 MAY have this raw NTLMSSP authentication functionality. Can this be revisited? Tim Lank
Shouldn't this bug be obsolete since bug 224653 is fixed?
Mozilla has now it's own xp NTLM implementation. No need for Samba any more.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WONTFIX
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.