On Sat, 2005-03-12 at 02:42 +0100, Henrik Nordstrom wrote: > On Sat, 12 Mar 2005, Andrew Bartlett wrote: > > > If the issue is independence from winbindd (for a vital testing point of > > separation), then I would note that I added a --password option to > > ntlm_auth a little while back. This option causes ntlm_auth not to > > contact winbindd, but to instead simply use that fixed password. > > Cool, but this isn't really the reason why the SMB helpers exists. > > The SMB helpers is different in that they use a SMB server as backend > source for NTLM/LANMAN authentication. These are considerably easier to > use as no Samba needs to be installed and no need to join the domain, but > not suitable for higher loads due to Windows oddities.. Works reasonable > to Samba servers however.
The way ntlm_auth in Samba4 is designed, allowing this mode of operation would not be too difficult (nothing more than a config option, actually). It suffers all the same faults as 'security=server' always has, but as we are going to keep it for CIFS, I'll ensure it still works for ntlm_auth too. This may (or may not) allow these helpers to eventually be deprecated. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
