Should we settle on one SSL implementation?
Andrew Bartlett
abartlet at samba.org
Wed Oct 24 00:24:06 UTC 2007
On Tue, 2007-10-23 at 10:38 -0700, Robert Relyea wrote:
> Patrice Dumas wrote:
> > On Tue, Oct 23, 2007 at 10:29:17AM -0700, Robert Relyea wrote:
> >
> >> If MD4 is one of the algorithms, we have a plan for that. MD4 is
> >> fundamentally broken, has been for 10 years. There is only one legitimate
> >> use of MD4 that I know of and that is to support NTLM (Microsoft's old NT
> >> authentication mechanism). In this case we need a common NTLM library that
> >> all NTLM users call. Any other use of MD4 needs to be identified and
> >>
> >
> > There is libntlm existing:
> > http://josefsson.org/libntlm/
> >
> Thanks, we should take a look at it. At this point there are a number of
> ntlm libraries, mostly embedded in various applications (mozilla, samba,
> etc.). This does have the advantage of being a separate package, though.
I just looked, and this was still a very poor implementation. Unicode is
not achieved by:
    static unsigned char *
    strToUnicode (const char *p, size_t l, unsigned char *buf)
    {
      int i = 0;
      if (l > (NTLM_BUFSIZE / 2))
        l = (NTLM_BUFSIZE / 2);
      while (l--)
        {
          buf[i++] = *p++;
          buf[i++] = 0;
        }
      return buf;
    }
My strong recommendation is to use Samba's ntlm_auth and winbind (as a
client and server) to handle seamless ntlm authentication, particularly
in single-sign-on situations.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
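
As an illustration of the point made in the message above, the following added example (not part of the original post, and not code from libntlm or Samba) contrasts byte-widening with an actual UTF-8 to UTF-16LE conversion. The function names and the assumption that the caller's input is UTF-8 are this example's own.

```c
#include <stddef.h>
#include <stdint.h>

/* Byte-widening as in the quoted strToUnicode(): correct only for 7-bit ASCII. */
static size_t widen_bytes(const char *p, size_t l, unsigned char *buf, size_t cap)
{
    size_t i = 0;
    while (l-- && i + 2 <= cap) {
        buf[i++] = (unsigned char)*p++;
        buf[i++] = 0;
    }
    return i;
}

/* Decode UTF-8 (assumed input encoding) and emit UTF-16LE. Returns bytes
 * written, or -1 on malformed input or insufficient output space. */
static long utf8_to_utf16le(const char *s, size_t len, unsigned char *out, size_t cap)
{
    const unsigned char *p = (const unsigned char *)s, *end = p + len;
    size_t o = 0;
    while (p < end) {
        uint32_t cp, min;
        int extra;
        if (*p < 0x80)                { cp = *p;        extra = 0; min = 0; }
        else if ((*p & 0xE0) == 0xC0) { cp = *p & 0x1F; extra = 1; min = 0x80; }
        else if ((*p & 0xF0) == 0xE0) { cp = *p & 0x0F; extra = 2; min = 0x800; }
        else if ((*p & 0xF8) == 0xF0) { cp = *p & 0x07; extra = 3; min = 0x10000; }
        else return -1;                       /* stray continuation or invalid lead */
        p++;
        if (end - p < extra) return -1;       /* truncated sequence */
        while (extra--) {
            if ((*p & 0xC0) != 0x80) return -1;
            cp = (cp << 6) | (*p++ & 0x3F);
        }
        /* reject overlong forms, surrogates and out-of-range values */
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return -1;
        if (cp >= 0x10000) {                  /* needs a surrogate pair */
            uint32_t v = cp - 0x10000, hi = 0xD800 + (v >> 10);
            if (o + 4 > cap) return -1;
            out[o++] = hi & 0xFF; out[o++] = hi >> 8;
            cp = 0xDC00 + (v & 0x3FF);
        }
        if (o + 2 > cap) return -1;
        out[o++] = cp & 0xFF; out[o++] = cp >> 8;
    }
    return (long)o;
}
```

For a non-ASCII character such as U+00E9 (UTF-8 bytes C3 A9), byte-widening yields C3 00 A9 00 while the real conversion yields E9 00, so anything derived from the buffer differs between the two.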