Re: Brown-Paper-Bag bugs in the winbind ntlm auth_helper

From: Andrew Bartlett <abartlet@dont-contact.us>
Date: Sun, 22 Sep 2002 11:19:38 +1000

Henrik Nordström wrote:
>
> On Fri, 20 Sep 2002 kinkie-ml@libero.it wrote:
>
> > > And I agree with Andrew on the response size issue, but until we have
> > > a decent possibility to support NTLMv2 it won't matter very much..
> >
> > Well, the winbind helper may even figure out what's going on and cope.
> > We'll never know until we try.
>
> Only if MS has totally flawed their own implementation of NTLMSSP. For
> NTLMv2 to work the challenge packet SHOULD indicate that NTLMv2 is
> acceptable, and the client SHOULD have requested NTLMv2 + target info.
>
> If we "fix" Squid to send the full NEGOTIATE packet to the helper and not
> reuse challenges implementing NTLMv2 using winbind should be a pretty
> trivial task, provided the winbind interface supports NTLMv2 responses.

In thoery it should, but only in HEAD :-)

I added a 'workstation' feild to the struct to cope with NTLMv2.
Naturally, this needs to be filled in... (charset is utf8 in that
struct, btw).

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
Received on Sat Sep 21 2002 - 19:18:44 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:16:35 MST