On Sat, 2003-11-22 at 22:30, Henrik Nordstrom wrote:
> On Sat, 22 Nov 2003, Andrew Bartlett wrote:
>
> > Yep, there is a bug in Samba's ntlm_auth. I'm waiting on a valgrind run
> > or at least a backtrace.
>
> There is a Squid user who apparently can get the Samba ntlm_auth helper to
> segfault reliably. But he probably needs a little guidance on how to get a
> backtrace from the helper.
>
> http://www.squid-cache.org/mail-archive/squid-users/200311/0893.html
I've caught up with him on samba-technical.
> > I'm just about to add NLTM2 to our server-side NTLMSSP and maybe my
> > added parinoia fixed the bugs (but that's just hope :-)
>
> So now it becomes even more pressing need to get Squid to send the
> NEGOTIATE packet to the helper properly, and to figure out how to fully
> stop challenge reuses..
Actually, NTLM2 should work without it (it is different to NTLMv2 - yet
another variation), but challenge reuses are evil anyway :-)
Andrew Bartlett
-- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:47 MST