On Fri, 2005-09-02 at 01:39 +0100, Luke Kenneth Casson Leighton wrote:
I will leave the rest of this mail well aside, but I just wanted to clarify exactly how long we have been providing NTLM authentication services to external projects:
> - write a lovely insecure method of "outsourcing" the username,
> domain and password to an external server - Samba TNG - which performs the authentication on your behalf and gets back "real" data.
> this could be done simply with a TCP connection, throw the data in-the-clear over to a simple temporary shim service blah blah, bob's your uncle.
Like, say the winbind_auth_crap (thank Mr Potter for the name) function in Samba's winbindd client interface, used successfully by external projects (Squid in particular) since Samba 2.2?
Or better still (avoiding reimplementing NTLMSSP) by calling ntlm_auth (shipped with Samba 3.0 since release)? Oh wait, we hooked up a Google SOC student to do just that, and it's working well! :-)
Andrew Bartlett