There is a module, "mod_auth_ntlm_winbind", which allows to authenticate
users against a Windows domain using "NTLM" and "Negotiate"
authentication mechanisms. The module uses a way, recommended by the
Samba team -- it utilizes a special helper program "ntlm_auth", which
interacts with Samba's "winbind" daemon. (This way Squid does ntlm already).
For historical reasons, this module still lives in Samba's CVS (see
http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/trunk/mod_auth_ntlm_winbind/?root=lorikeet
) and has no any normal "upstream". This does not mean that the module
is unstable -- it is successfully used long time. Recently it was
included into Debian and Fedora (I maintain it in Fedora, see
http://download.fedora.redhat.com/pub/fedora/linux/updates/7/SRPMS/mod_auth_ntlm_winbind-0.0.0-0.5.20070129svn713.fc7.src.rpm
)
Samba team think that this code is not something Samba-related (see
http://lists.samba.org/archive/samba-technical/2007-June/054186.html).
Actually, it is Apache's httpd-related. Hence it have to be hosted
somewhere in apache.org ...
Any comments?
Moreover, because of its current location, this module lacks good
skilled httpd developers. There can be a lot of things to fix or to
improve on it.
Could anyone look on it carefully?
Regards,
Dmitry Butskoy
http://www.fedoraproject.org/wiki/DmitryButskoy
