
Re: Should we settle on one SSL implementation?



On Tue, 2007-10-23 at 10:38 -0700, Robert Relyea wrote:
> Patrice Dumas wrote:
> > On Tue, Oct 23, 2007 at 10:29:17AM -0700, Robert Relyea wrote:
> >   
> >> If MD4 is one of the algorithms, we have a plan for that. MD4 is 
> >> fundamentally broken, has been for 10 years. There is only one legitimate 
> >> use of MD4 that I know of and that is to support NTLM (Microsoft's old NT 
> >> authentication mechanism). In this case we need a common NTLM library that 
> >> all NTLM users call. Any other use of MD4 needs to be identified and 
> >>     
> >
> > There is libntlm existing:
> > http://josefsson.org/libntlm/
> >   
> Thanks, We should take a look at it. At this point there are a number of 
> ntlm libraries, mostly imbedded in various applications (mozilla, samba, 
> etc.). This does have the advantage of being a separate package, though.

I just looked, and this was still a very poor implementation.  Unicode is
not achieved by:

static unsigned char *
strToUnicode (const char *p, size_t l, unsigned char *buf)
{
  int i = 0;

  if (l > (NTLM_BUFSIZE / 2))
    l = (NTLM_BUFSIZE / 2);

  while (l--)
    {
      buf[i++] = *p++;
      buf[i++] = 0;
    }

  return buf;
}

My strong recommendation is to use Samba's ntlm_auth and winbind (as a
client and server) to handle seamless ntlm authentication, particularly
in single-sign-on situations.

Andrew Bartlett 

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
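
Added example (not part of the original message, and not libntlm or Samba code): the byte-widening quoted above beside a conversion that actually decodes its input. It assumes the input is UTF-8 and the target is UTF-16LE, which is what NTLM uses for Unicode strings; the function names and the explicit capacity parameter are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* The byte-widening approach quoted in the message (capacity made explicit):
 * every input byte becomes one 16-bit unit. Correct only for ASCII input. */
static long widen_bytes(const char *p, size_t l, unsigned char *buf, size_t cap)
{
    size_t i = 0;
    if (l > cap / 2) l = cap / 2;      /* silently truncates, as the quoted code does */
    while (l--) {
        buf[i++] = (unsigned char)*p++;
        buf[i++] = 0;
    }
    return (long)i;
}

/* Decode UTF-8 (assumed input encoding) and emit UTF-16LE.
 * Returns bytes written, or -1 on malformed input or insufficient space. */
static long utf8_to_utf16le(const char *s, size_t l, unsigned char *buf, size_t cap)
{
    const unsigned char *p = (const unsigned char *)s, *end = p + l;
    size_t o = 0;
    while (p < end) {
        uint32_t cp = *p++, min = 0;
        int n = 0;                                /* continuation bytes expected */
        if ((cp & 0xE0) == 0xC0)      { n = 1; cp &= 0x1F; min = 0x80; }
        else if ((cp & 0xF0) == 0xE0) { n = 2; cp &= 0x0F; min = 0x800; }
        else if ((cp & 0xF8) == 0xF0) { n = 3; cp &= 0x07; min = 0x10000; }
        else if (cp >= 0x80) return -1;           /* stray continuation or bad lead byte */
        if (end - p < n) return -1;               /* truncated sequence */
        while (n--) {
            if ((*p & 0xC0) != 0x80) return -1;   /* not a continuation byte */
            cp = (cp << 6) | (*p++ & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return -1;
        uint16_t u[2]; int k = 0;
        if (cp >= 0x10000) {                      /* outside the BMP: surrogate pair */
            cp -= 0x10000;
            u[k++] = (uint16_t)(0xD800 | (cp >> 10));
            u[k++] = (uint16_t)(0xDC00 | (cp & 0x3FF));
        } else u[k++] = (uint16_t)cp;
        if (cap - o < (size_t)k * 2) return -1;   /* fail rather than truncate a credential */
        for (int j = 0; j < k; j++) {
            buf[o++] = (unsigned char)(u[j] & 0xFF);   /* little-endian: low byte first */
            buf[o++] = (unsigned char)(u[j] >> 8);
        }
    }
    return (long)o;
}
```

For ASCII input the two functions produce identical bytes, so the shortcut goes unnoticed until a user name or password contains a non-ASCII character.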


