On Sat, 2003-11-22 at 22:46, Andrew Bartlett wrote: > On Sat, 2003-11-22 at 22:30, Henrik Nordstrom wrote: > > On Sat, 22 Nov 2003, Andrew Bartlett wrote: > > > > > Yep, there is a bug in Samba's ntlm_auth. I'm waiting on a valgrind run > > > or at least a backtrace. > > > > There is a Squid user who apparently can get the Samba ntlm_auth helper to > > segfault reliably. But he probably needs a little guidance on how to get a > > backtrace from the helper. > > > > http://www.squid-cache.org/mail-archive/squid-users/200311/0893.html > > I've caught up with him on samba-technical. > > > > I'm just about to add NLTM2 to our server-side NTLMSSP and maybe my > > > added parinoia fixed the bugs (but that's just hope :-) > > > > So now it becomes even more pressing need to get Squid to send the > > NEGOTIATE packet to the helper properly, and to figure out how to fully > > stop challenge reuses.. > > Actually, NTLM2 should work without it (it is different to NTLMv2 - yet > another variation), but challenge reuses are evil anyway :-)
However, what is evil is the fact that we don't get the negotiate packet, so we can't enable these things. Once we sort this bit out, we are going to work a *lot* better at some of the 'high security policy' sites. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
