I need some assistance from a talented C programmer, preferably with some experience in Apache 2.0 module development. For a while, I have had a version of mod_ntlm_winbind cleaned up to work with ntlm_auth, and handling both NTLM and Negotiate HTTP authentication via Samba 3 and Samba4's ntlm_auth utility. I have not had the time or energy to properly maintain (it needs basic auth added), promote (it needs a manpage, homepage etc) or port (it needs to work on Apache 2.0) this module, so I'm looking for help. The task is actually quite simple, no intimate knowledge of windows authentication protocols is required, as this is all handled by ntlm_auth. (Communication with the utility is over unix pipes, attached to stdin/stdout of ntlm_auth). There is example code, both in the existing module, other modules and in a patch to cyrus-sasl, and I'm quite happy to help out whoever takes this on. The existing code (for apache 1.3) can be found here: http://download.samba.org/ftp/unpacked/lorikeet/mod_ntlm_winbind/ There is one example Apache2 module here: http://source.grep.no/ It is a good start, but it needs cleaning up (no NTLMSSP parsing at all), and it still seems to use global variables (not permitted in the threaded apache 2). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20050907/f1314d77/attachment.bin
Andrew, If you haven't yet gotten other victims for this, Brian Moran and I would happily take this. I've done module development for Apache before, Brian knows NTLM, and we've contributed to Samba before (eventlogs, service control, perf counters, some winbind bugs) and would like to continue to do so. Let us know if this sounds suitable. Thanks... -- Marcin Krzysztof Porwit mporwit@centeris.com #include <stddisclaimer.h> -----Original Message----- From: samba-technical-bounces+mporwit=centeris.com@lists.samba.org on behalf of Andrew Bartlett Sent: Wed 9/7/2005 5:15 AM To: samba-technical@samba.org Cc: Einar Otto Stangvik; samba@samba.org; Dmitry Andrianov Subject: WANTED: mod_ntlm_winbind developer I need some assistance from a talented C programmer, preferably with some experience in Apache 2.0 module development. For a while, I have had a version of mod_ntlm_winbind cleaned up to work with ntlm_auth, and handling both NTLM and Negotiate HTTP authentication via Samba 3 and Samba4's ntlm_auth utility. I have not had the time or energy to properly maintain (it needs basic auth added), promote (it needs a manpage, homepage etc) or port (it needs to work on Apache 2.0) this module, so I'm looking for help. The task is actually quite simple, no intimate knowledge of windows authentication protocols is required, as this is all handled by ntlm_auth. (Communication with the utility is over unix pipes, attached to stdin/stdout of ntlm_auth). There is example code, both in the existing module, other modules and in a patch to cyrus-sasl, and I'm quite happy to help out whoever takes this on. The existing code (for apache 1.3) can be found here: http://download.samba.org/ftp/unpacked/lorikeet/mod_ntlm_winbind/ There is one example Apache2 module here: http://source.grep.no/ It is a good start, but it needs cleaning up (no NTLMSSP parsing at all), and it still seems to use global variables (not permitted in the threaded apache 2). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
Guys, if the only thing needed is to port 1.3 version to 2.0 we also can do that. The only thing I do not understand completely is: "I have not had the time or energy to properly maintain (it needs basic auth added), ". Why basic? To my knowledge (very limited) NTLM auth never sends passords in plain even if user is asked for login/password with a popup window. Am I wrong? Actually, this is why we started playing mod_ntlm_winbindd at all - we already deployed Kerveros auth and it works fine except for the remote user visit - in this case since mod_auth_kerb does not see valid ticket, it falls back to basic auth and consequently receives password in plaintext. We want to avoid plaintext passwords but we can not use https everywhere. That is why we wanted to try NTLM instead of Kerberos. Regards, Dmitry Andrianov ________________________________ From: Marcin Porwit [mailto:mporwit@centeris.com] Sent: Wednesday, September 07, 2005 10:51 PM To: Andrew Bartlett Cc: Einar Otto Stangvik; samba@samba.org; Dmitry Andrianov; Brian Moran Subject: RE: WANTED: mod_ntlm_winbind developer Andrew, If you haven't yet gotten other victims for this, Brian Moran and I would happily take this. I've done module development for Apache before, Brian knows NTLM, and we've contributed to Samba before (eventlogs, service control, perf counters, some winbind bugs) and would like to continue to do so. Let us know if this sounds suitable. Thanks... -- Marcin Krzysztof Porwit mporwit@centeris.com #include <stddisclaimer.h> -----Original Message----- From: samba-technical-bounces+mporwit=centeris.com@lists.samba.org on behalf of Andrew Bartlett Sent: Wed 9/7/2005 5:15 AM To: samba-technical@samba.org Cc: Einar Otto Stangvik; samba@samba.org; Dmitry Andrianov Subject: WANTED: mod_ntlm_winbind developer I need some assistance from a talented C programmer, preferably with some experience in Apache 2.0 module development. For a while, I have had a version of mod_ntlm_winbind cleaned up to work with ntlm_auth, and handling both NTLM and Negotiate HTTP authentication via Samba 3 and Samba4's ntlm_auth utility. I have not had the time or energy to properly maintain (it needs basic auth added), promote (it needs a manpage, homepage etc) or port (it needs to work on Apache 2.0) this module, so I'm looking for help. The task is actually quite simple, no intimate knowledge of windows authentication protocols is required, as this is all handled by ntlm_auth. (Communication with the utility is over unix pipes, attached to stdin/stdout of ntlm_auth). There is example code, both in the existing module, other modules and in a patch to cyrus-sasl, and I'm quite happy to help out whoever takes this on. The existing code (for apache 1.3) can be found here: http://download.samba.org/ftp/unpacked/lorikeet/mod_ntlm_winbind/ There is one example Apache2 module here: http://source.grep.no/ It is a good start, but it needs cleaning up (no NTLMSSP parsing at all), and it still seems to use global variables (not permitted in the threaded apache 2). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net