Re: Info about forward port of patches to 3.0

From: Andrew Bartlett <abartlet@dont-contact.us>
Date: Sat, 12 Mar 2005 18:40:03 +1100

On Sat, 2005-03-12 at 02:42 +0100, Henrik Nordstrom wrote:
> On Sat, 12 Mar 2005, Andrew Bartlett wrote:
>
> > If the issue is independence from winbindd (for a vital testing point of
> > separation), then I would note that I added a --password option to
> > ntlm_auth a little while back. This option causes ntlm_auth not to
> > contact winbindd, but to instead simply use that fixed password.
>
> Cool, but this isn't really the reason why the SMB helpers exists.
>
> The SMB helpers is different in that they use a SMB server as backend
> source for NTLM/LANMAN authentication. These are considerably easier to
> use as no Samba needs to be installed and no need to join the domain, but
> not suitable for higher loads due to Windows oddities.. Works reasonable
> to Samba servers however.

The way ntlm_auth in Samba4 is designed, allowing this mode of operation
would not be too difficult (nothing more than a config option,
actually). It suffers all the same faults as 'security=server' always
has, but as we are going to keep it for CIFS, I'll ensure it still works
for ntlm_auth too.

This may (or may not) allow these helpers to eventually be deprecated.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

Received on Sat Mar 12 2005 - 00:40:03 MST

This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:04 MST