On Tue, 2007-10-23 at 10:38 -0700, Robert Relyea wrote: > Patrice Dumas wrote: > > On Tue, Oct 23, 2007 at 10:29:17AM -0700, Robert Relyea wrote: > > > >> If MD4 is one of the algorithms, We have a plan for that. MD4 is > >> fundamentally broken, has been for 10 years. There is only one legitimate > >> use of MD4 that I know of and that is support NTLM (Microsoft's old NT > >> authentication mechanism). In this case we need a common NTLM library that > >> all NTLM users call. Any other use of MD4 needs to be identified and > >> > > > > There is libntlm existing: > > http://josefsson.org/libntlm/ > > > Thanks, We should take a look at it. At this point there are a number of > ntlm libraries, mostly imbedded in various applications (mozilla, samba, > etc.). This does have the advantage of being a separate package, though. I just looked, and this was still a very poor implemention. Unicode is not achieved by: static unsigned char * strToUnicode (const char *p, size_t l, unsigned char *buf) { int i = 0; if (l > (NTLM_BUFSIZE / 2)) l = (NTLM_BUFSIZE / 2); while (l--) { buf[i++] = *p++; buf[i++] = 0; } return buf; } My strong recommendation is to use Samba's ntlm_auth and winbind (as a client and server) to handle seamless ntlm authentication, particularly in single-sign-on situations. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc.
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
