* "Tom Spear (Dustin Booker, Dustin Navea)" <[EMAIL PROTECTED]> [19/04/06, 05:52:32]: > Kai, don't feel bad. I actually do think it is a good idea, but to me > it looks like you are describing a proposal that will end up going into > samba's tree, not ours. If you could clarify what this will do for > wine, I think you might generate a lil more contructive activity (vs > "yes please implement more game stuff!"). Sure, easy thing.
So far (since SOC 2005) wine implements SSPI authentication for NTLM (and Negotiate, in theory, but that patch never made it) via a tool provided by Samba, called ntlm_auth. The problem with this approach is that ntlm_auth was never meant to do much besides NTLM authentication for Squid. For anything besides authenticating, ntlm_auth isn't feasible. This could of course be fixed by hacking more functionality into ntlm_auth, but the Samba developers already said they wouldn't accept patches that bloat ntlm_auth more than it already is. The OpenSource reaction to this would be forking the Samba4 code and doing your own version, but I doubt that really is feasible. Especially as you would then conflict with existing Samba installations. Now, Samba4 exposes all this authentication/communication code in a library you can load from an external program. Using this library to handle authentication wouldn't change to the current setup. But when using the library it's possible to do more than authentication, like signing packages to make sure they were not tampered with and sealing packages to make sure noone reads their content. Outlook 2003 seems to use that. As mentioned before, the only problem about this setup is that so far GENSEC is only available under the GNU GPL and thus not directly useable. The Samba people (Andrew Bartlett et al.) indicated that if that was the only thing stopping us from using the lib, they would relicense it to LGPL for us. The benefits for Wine would be the following: An easy way to implement the SSPI providers for NTLM, Negotiate, Schannel and Kerberos, as those are handled by GENSEC. (We might decide to go our own way for Schannel and Kerberos, Juan Lang might be able to comment on that, he's working on the crypt32 api Schannel can alternatively be built on). As GENSEC is a seperate library, it doesn't need the rest of Samba4 installed, so it can be packaged extra. This way Wine + Gensec would give you a platform to run your SSPI things on, as opposed to Wine + Samba4, which might conflict with and already installed samba3 install. Samba4 as a whole will not be released for any time soon. Whew, this got bigger than I expected. Kai -- Kai Blin, (blin at gmx dot net) <Mercury> You don't have to be crazy to be a member of the project, but you will be.. <=:]