Re: ntlm status

From: Andrew Bartlett <abartlet@dont-contact.us>
Date: Sat, 22 Nov 2003 22:46:11 +1100

On Sat, 2003-11-22 at 22:30, Henrik Nordstrom wrote:
> On Sat, 22 Nov 2003, Andrew Bartlett wrote:
>
> > Yep, there is a bug in Samba's ntlm_auth. I'm waiting on a valgrind run
> > or at least a backtrace.
>
> There is a Squid user who apparently can get the Samba ntlm_auth helper to
> segfault reliably. But he probably needs a little guidance on how to get a
> backtrace from the helper.
>
> http://www.squid-cache.org/mail-archive/squid-users/200311/0893.html

I've caught up with him on samba-technical.

> > I'm just about to add NLTM2 to our server-side NTLMSSP and maybe my
> > added parinoia fixed the bugs (but that's just hope :-)
>
> So now it becomes even more pressing need to get Squid to send the
> NEGOTIATE packet to the helper properly, and to figure out how to fully
> stop challenge reuses..

Actually, NTLM2 should work without it (it is different to NTLMv2 - yet
another variation), but challenge reuses are evil anyway :-)

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

Received on Sat Nov 22 2003 - 04:46:50 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:47 MST