On Sat, 2005-03-12 at 02:42 +0100, Henrik Nordstrom wrote:
> On Sat, 12 Mar 2005, Andrew Bartlett wrote:
>
> > If the issue is independence from winbindd (for a vital testing point of
> > separation), then I would note that I added a --password option to
> > ntlm_auth a little while back. This option causes ntlm_auth not to
> > contact winbindd, but to instead simply use that fixed password.
>
> Cool, but this isn't really the reason why the SMB helpers exists.
>
> The SMB helpers is different in that they use a SMB server as backend
> source for NTLM/LANMAN authentication. These are considerably easier to
> use as no Samba needs to be installed and no need to join the domain, but
> not suitable for higher loads due to Windows oddities.. Works reasonable
> to Samba servers however.
The way ntlm_auth in Samba4 is designed, allowing this mode of operation
would not be too difficult (nothing more than a config option,
actually). It suffers all the same faults as 'security=server' always
has, but as we are going to keep it for CIFS, I'll ensure it still works
for ntlm_auth too.
This may (or may not) allow these helpers to eventually be deprecated.
Andrew Bartlett
-- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:04 MST