On Wed, 2008-06-18 at 17:22 -0700, Love Hörnquist Åstrand wrote: > > > > As NTLM isn't really nearly as special these days as it once was, I > > wondered about helping improve Heimdal's layer, and wondered if it > > might > > be possible to, like the send_to_kdc functions, have a hook we can > > register for 'process NTLM login'. This might perhaps be a Heimdal > > plugin - then Samba3 could perhaps supply it, and Heimdal would talk > > to > > Samba3's winbind. > > I started to implement NTLM plugin for winbind, but since the protocol > is not stable and neither library nor sane protocol have showed up, I > put that on ice for the time being. > > See struct ntlm_server_interface in lib/gssapi/ntlm/ntlm.h and lib/ > gssapi/ntlm/digest.c how to implement it. I looked at this. How should we allow a different set of target functions to be specified? In general, it might make sense for the krb5 plugin interface to handle it, but for use inside Samba, it might make sense to have it appear as server credentials (as it fits exactly this role). Any thoughts on how I could construct a set of 'credentials' to pass to spengo that are both a krb5 keytab and a pointer to the ntlm server functions? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
This is a digitally signed message part