On Mon, 2005-01-10 at 01:28 +0100, Henrik Nordstrom wrote:
>
> On Mon, 10 Jan 2005, Andrew Bartlett wrote:
>
> > I'm wondering where things are at with SPNEGO support?
>
> The intentions are to have SPNEGO (and significantly cleaned up NTLM)
> support in the 3.0 release.

Great. Any timelines on that?

> The current effort is cleaning up the NTLM support by killing the support
> for challenge reuse and its related infrastructures. The plan is then to
> extend this to also support the very similar Negotiate HTTP authentication
> scheme carrying SPNEGO blobs.

Great!

> > Anyway, I'm always happy to help, particularly on the Samba side...
>
> Is there a reference implementation (Apache, or perhaps some reference web
> server) using Samba for SPNEGO?

Yes. mod_ntlm_winbind from lorikeet:
http://download.samba.org/ftp/unpacked/lorikeet/trunk/mod_ntlm_winbind/

I then used the ntlm_auth from Samba4 (but Samba3 winbindd as normal),
and this apache config:

<Directory "/usr/local/apache/htdocs/auth">
    AuthName "NTLM Authentication thingy"
    NegotiateAuth on
    NTLMAuth on
    NTLMAuthHelper "valgrind --tool=memcheck --num-callers=32 /data/samba/samba4/svn/source/bin/ntlm_auth --option='auth methods = winbind' --helper-protocol=squid-2.5-ntlmssp"
    NegotiateAuthHelper "valgrind --tool=memcheck --num-callers=32 /data/samba/samba4/svn/source/bin/ntlm_auth --option='auth methods = winbind' --helper-protocol=gss-spnego"
    NTLMBasicAuthoritative on
    AuthType Negotiate
    AuthType NTLM
    require valid-user
</Directory>

(Oh, and the use of valgrind it's mandatory ;-)

It is possible to prove Kerberos support with this setup, to test
Kerberos support takes a bit more pain, and I'm happy to work with you
on the details (say over IRC).

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College [EMAIL PROTECTED]
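An added example, not part of the original message and not code from Samba, Squid or mod_ntlm_winbind: when testing a setup like the one above, it helps to see what a client actually put in its Authorization header, because a Negotiate exchange can carry a SPNEGO blob that offers Kerberos, NTLMSSP or both. The sketch below decodes the header and lists the mechanisms offered in a SPNEGO NegTokenInit; the function names and the two sample tokens are constructed for illustration.

```python
import base64
SPNEGO_OID = bytes.fromhex("2b0601050502")  # 1.3.6.1.5.5.2
MECHS = {"1.2.840.113554.1.2.2": "Kerberos 5", "1.3.6.1.4.1.311.2.2.10": "NTLMSSP"}

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def classify(header_value):  # -> (kind, offered mechanisms)
    _scheme, _, b64 = header_value.strip().partition(" ")
    try:
        tok = base64.b64decode(b64.strip(), validate=True)
        if tok.startswith(b"NTLMSSP\x00"):  # NTLM sent without SPNEGO framing
            return ("ntlmssp-raw", ["NTLMSSP"])
        tag, s, e = read_tlv(tok, 0)        # 0x60: GSS-API initial token
        otag, os_, oe = read_tlv(tok, s)    # mechanism OID, must be SPNEGO
        if tag != 0x60 or otag != 0x06 or tok[os_:oe] != SPNEGO_OID:
            return ("unknown", [])
        s = oe  # descend: [0] NegTokenInit, SEQUENCE, [0] mechTypes, SEQUENCE OF
        for want in (0xA0, 0x30, 0xA0, 0x30):
            tag, s, e = read_tlv(tok, s)
            if tag != want:
                return ("unknown", [])
        mechs = []
        while s < e:
            _, vs, s = read_tlv(tok, s)
            oid = decode_oid(tok[vs:s])
            mechs.append(MECHS.get(oid, oid))
        return ("spnego-init", mechs)
    except (IndexError, ValueError):
        return ("malformed", [])

# Constructed samples: a NegTokenInit offering Kerberos 5 then NTLMSSP, and a bare NTLM type 1.
SAMPLE_SPNEGO = "Negotiate " + base64.b64encode(bytes.fromhex(
    "602706062b0601050502a01d301ba019301706092a864886f712010202060a2b06010401823702020a")).decode()
SAMPLE_NTLM = "NTLM " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()
```

A token that is neither bare NTLMSSP nor a SPNEGO NegTokenInit (for example a later-round NegTokenResp) is reported as "unknown" rather than guessed at.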
