Quantcast

[WIP] Add tests for supplementalCredentials, store other hash types

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[WIP] Add tests for supplementalCredentials, store other hash types

Samba - samba-technical mailing list
The attached patch adds tests for suplementalCredentials, to allow a
subsequent refactor and addition of Primary:userPassword{SHA512} (or
{SHA265})


0001-password_hash-Add-tests-to-allow-refactoring.patch (28K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [WIP] Add tests for supplementalCredentials, store other hash types

Samba - samba-technical mailing list
Updated work in progress patch set.
I believe that patches 1 and 2 are ready for review and push.  I'll
incorporate Metze's feedback and hopefully finish the hash generation
and tests today.

On 04/04/17 07:53, Gary Lockyer via samba-technical wrote:
> The attached patch adds tests for suplementalCredentials, to allow a
> subsequent refactor and addition of Primary:userPassword{SHA512} (or
> {SHA265})
>

0001-password_hash-Add-tests-to-allow-refactoring.patch (28K) Download Attachment
0002-password_hash-refactor-setup_supplemental_field.patch (15K) Download Attachment
0003-idl-drsblobs-add-the-blobs-required-for-Primary-user.patch (2K) Download Attachment
0004-docs-configuration-options-for-Primary-userPassword.patch (5K) Download Attachment
0005-tests-password_hash-add-tests-for-Primary-userPasswo.patch (2K) Download Attachment
0006-password_hash-generate-and-store-Primary-userPasswor.patch (8K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [WIP] Add tests for supplementalCredentials, store other hash types

Samba - samba-technical mailing list
On Wed, 2017-04-05 at 07:06 +1200, Gary Lockyer via samba-technical
wrote:
> Subject: [PATCH 1/6] password_hash: Add tests to allow refactoring
>
> Add tests for password_hash.c to allow refactoring of
> setup_supplemental_field

In this patch there are quite a few references to userPassword that
should be supplementalCredentials.  I see you fix those up later, but
if you could pull those into this patch, we should be able to get this
much upstream.

Thanks,

Andrew Bartlett

--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT  
https://catalyst.net.nz/services/samba





Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [WIP] Add tests for supplementalCredentials, store other hash types

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
Hi,

In the python tests:

[PATCH 1/6] password_hash: Add tests to allow refactoring

[PATCH 5/6] tests password_hash: add tests for Primary:userPassword

There's extra whitespace before the first parameters. I would try to
clean that up before we get it merged.

Lines like:

(pos, package) = get_package( sc, "Packages")
self.assertEquals( "5", data[1])
data = hash.split( "$")

Hopefully it's not too much of a hassle.

Cheers,

Garming

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [WIP] Add tests for supplementalCredentials, store other hash types

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
Revised patch set attached.
- tests renamed
- unused imports removed
- white space after brackets removed


On 05/04/17 17:03, Andrew Bartlett via samba-technical wrote:

> On Wed, 2017-04-05 at 07:06 +1200, Gary Lockyer via samba-technical
> wrote:
>> Subject: [PATCH 1/6] password_hash: Add tests to allow refactoring
>>
>> Add tests for password_hash.c to allow refactoring of
>> setup_supplemental_field
>
> In this patch there are quite a few references to userPassword that
> should be supplementalCredentials.  I see you fix those up later, but
> if you could pull those into this patch, we should be able to get this
> much upstream.
>
> Thanks,
>
> Andrew Bartlett
>

0001-password_hash-Add-tests-to-allow-refactoring.patch (28K) Download Attachment
0002-password_hash-refactor-setup_supplemental_field.patch (15K) Download Attachment
0003-idl-drsblobs-add-the-blobs-required-for-Primary-user.patch (2K) Download Attachment
0004-docs-configuration-options-for-Primary-userPassword.patch (5K) Download Attachment
0005-tests-password_hash-add-tests-for-Primary-userPasswo.patch (12K) Download Attachment
0006-password_hash-generate-and-store-Primary-userPasswor.patch (8K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [WIP] Add tests for supplementalCredentials, store other hash types

Samba - samba-technical mailing list
Updated patch set.
- Multiple hashes can be specified for userPassword
- added parameters
        'additional password hash sha256 rounds'
        'additional password hash sha512 rounds'
  To control the number of hashing rounds on a per algorithm
  basis.

Next patches will change sambatool syncpassword
- to return the WDigest values
- if a userPassword hash exists it will be returned for
  virtualCryptSHA256 virtualCryptSHA512. rather than
  calculating the value.

I believe these patches are ready for review, so review and comment
appreciated.

Gary

On 06/04/17 08:22, Gary Lockyer via samba-technical wrote:

> Revised patch set attached.
> - tests renamed
> - unused imports removed
> - white space after brackets removed
>
>
> On 05/04/17 17:03, Andrew Bartlett via samba-technical wrote:
>> On Wed, 2017-04-05 at 07:06 +1200, Gary Lockyer via samba-technical
>> wrote:
>>> Subject: [PATCH 1/6] password_hash: Add tests to allow refactoring
>>>
>>> Add tests for password_hash.c to allow refactoring of
>>> setup_supplemental_field
>>
>> In this patch there are quite a few references to userPassword that
>> should be supplementalCredentials.  I see you fix those up later, but
>> if you could pull those into this patch, we should be able to get this
>> much upstream.
>>
>> Thanks,
>>
>> Andrew Bartlett
>>

0001-idl-drsblobs-add-the-blobs-required-for-Primary-user.patch (2K) Download Attachment
0002-docs-configuration-options-for-Primary-userPassword.patch (7K) Download Attachment
0003-tests-password_hash-add-tests-for-Primary-userPasswo.patch (17K) Download Attachment
0004-password_hash-generate-and-store-Primary-userPasswor.patch (10K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [WIP] Add tests for supplementalCredentials, store other hash types

Samba - samba-technical mailing list
Updated patch set
includes changes and tests for the samba-tool user command

There are some outstanding whitespace fixes, and another two tests to
add. I'll be doing the changes tomorrow morning.

Once the changes are made I'm hoping to get two team reviews, and the
code landed.

Any comments greatly appreciated.

Thanks
Gary


> On 06/04/17 08:22, Gary Lockyer via samba-technical wrote:
>> Revised patch set attached.
>> - tests renamed
>> - unused imports removed
>> - white space after brackets removed
>>
>>
>> On 05/04/17 17:03, Andrew Bartlett via samba-technical wrote:
>>> On Wed, 2017-04-05 at 07:06 +1200, Gary Lockyer via samba-technical
>>> wrote:
>>>> Subject: [PATCH 1/6] password_hash: Add tests to allow refactoring
>>>>
>>>> Add tests for password_hash.c to allow refactoring of
>>>> setup_supplemental_field
>>>
>>> In this patch there are quite a few references to userPassword that
>>> should be supplementalCredentials.  I see you fix those up later, but
>>> if you could pull those into this patch, we should be able to get this
>>> much upstream.
>>>
>>> Thanks,
>>>
>>> Andrew Bartlett
>>>

0001-idl-drsblobs-add-the-blobs-required-for-Primary-user.patch (2K) Download Attachment
0002-docs-configuration-options-for-Primary-userPassword.patch (7K) Download Attachment
0003-tests-password_hash-add-tests-for-Primary-userPasswo.patch (17K) Download Attachment
0004-password_hash-generate-and-store-Primary-userPasswor.patch (11K) Download Attachment
0005-samba-tool-tests-Tests-for-virtualWDigest-and-virtua.patch (18K) Download Attachment
0006-samba-tool-user-add-support-for-userPassword-and-WDi.patch (13K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

{PATCH] store extra password hashes in supplemental credentials

Samba - samba-technical mailing list
Completed patch set to:
- Calculate SHA256 and SHA512 password hashes and store in
  supplementalCredentials Primary:userPassword
- add configuration options to control the generation of these
  hashes and the number of rounds used to calculate them.
  * 'password hash additional scheme'
  * 'password hash sha256 rounds'
  * 'password hash sha512 rounds'
- add new virtual attributes virtualWDigest01 to virtualWDigest29 to
  make the WDigest values available
- change virtualCryptSHA256 and virtualCryptSHA512 to:
  * return the stored values in Primary:userPassword if available
  * honor 'password hash sha256 rounds' and
    'password hash sha512 rounds' when calculating the hashes.

Review appreciated

Gary

0001-idl-drsblobs-add-the-blobs-required-for-Primary-user.patch (2K) Download Attachment
0002-docs-configuration-options-for-Primary-userPassword.patch (7K) Download Attachment
0003-tests-password_hash-remove-unused-import.patch (835 bytes) Download Attachment
0004-tests-password_hash-fix-white-space.patch (1K) Download Attachment
0005-tests-password_hash-add-tests-for-Primary-userPasswo.patch (16K) Download Attachment
0006-password_hash-generate-and-store-Primary-userPasswor.patch (11K) Download Attachment
0007-samba-tool-tests-Tests-for-virtualWDigest-and-virtua.patch (22K) Download Attachment
0008-samba-tool-user-add-support-for-userPassword-and-WDi.patch (13K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: {PATCH] store extra password hashes in supplemental credentials

Samba - samba-technical mailing list
On Wed, 2017-04-12 at 10:57 +1200, Gary Lockyer via samba-technical
wrote:

> Completed patch set to:
> - Calculate SHA256 and SHA512 password hashes and store in
>   supplementalCredentials Primary:userPassword
> - add configuration options to control the generation of these
>   hashes and the number of rounds used to calculate them.
>   * 'password hash additional scheme'
>   * 'password hash sha256 rounds'
>   * 'password hash sha512 rounds'
> - add new virtual attributes virtualWDigest01 to virtualWDigest29 to
>   make the WDigest values available
> - change virtualCryptSHA256 and virtualCryptSHA512 to:
>   * return the stored values in Primary:userPassword if available
>   * honor 'password hash sha256 rounds' and
>     'password hash sha512 rounds' when calculating the hashes.
>
> Review appreciated
Thanks Gary!

This looks really good.  

Reviewed-by: Andrew Bartlett <[hidden email]>

Can I get a second team review for this great work?

Metze:  I know you have been really busy, but I'm quite confident we
have addressed your concerns and we have a sensible, future-proof
design that addresses the concerns you listed.

The only think we haven't done is the code to keep the old elements.
Sadly this is beyond what we can do right now, but we have left a great
framework to test this.  Perhaps add it when we add Primary:NTLM-
Strong-NTOWF?

If I can get a second reviewer, I would really like to push this
tomorrow, before the Easter break.  

Thanks,

Andrew Bartlett

--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT  
https://catalyst.net.nz/services/samba




signature.asc (879 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: {PATCH] store extra password hashes in supplemental credentials

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
Gi Gary and Andrew,

> Completed patch set to:
> - Calculate SHA256 and SHA512 password hashes and store in
>   supplementalCredentials Primary:userPassword
> - add configuration options to control the generation of these
>   hashes and the number of rounds used to calculate them.
>   * 'password hash additional scheme'
>   * 'password hash sha256 rounds'
>   * 'password hash sha512 rounds'
> - add new virtual attributes virtualWDigest01 to virtualWDigest29 to
>   make the WDigest values available
> - change virtualCryptSHA256 and virtualCryptSHA512 to:
>   * return the stored values in Primary:userPassword if available
>   * honor 'password hash sha256 rounds' and
>     'password hash sha512 rounds' when calculating the hashes.
>
> Review appreciated
I still think we should use {CRYPT} if we're using the crypt_r() function
to generate the value.

Looking at the openldap code I see
{SHA256} and {SHA512} only in contrib/slapd-modules/passwd/sha2/,
but not in the main code libraries/liblutil/passwd.c

Looking at the code I can't see how the value you calculate
using crypt_r() can be verified with the {SHA256} and {SHA512} code.
If we don't want to use {CRYPT} we should implement {SSHA256} and
{SSHA512} (with salt)
instead of {SHA256} and {SHA512} (without salt) and match the actual
implementation.

I still think it's confusing to have "password hash sha256 rounds" and
"password hash sha512 rounds" as separate options.

What about using the names virtualSSHA, virtualCryptSHA256,
virtualCryptSHA512
as names in:

        typedef struct {
                [value(2*strlen_m(scheme))] uint16 name_len;
                [charset(UTF16)] uint8 name[name_len];
                [value((value?value->length:0))] uint32 value_len;
                [relative,subcontext(0),subcontext_size(value_len),
                        flag(NDR_REMAINING)] DATA_BLOB *value;
        } package_PrimaryVirualPasswordValue;

        typedef [public] struct {
                samr_Password current_nt_hash;
                uint16 num_values;
                package_PrimaryUserPasswordValue values[num_values];
        } package_PrimaryVirtualPasswordsBlob;

If you want you can also implement virtualSSHA256 and virtualSSHA512
(in password_hash.c as well as in samba-tool user getpassword),
but using SHA{256,512}_{Init,Update,Final}() directly.
Very similar to virtualSSHA.

Sorry, but we really have to get this sane before it can be pushed.

metze


signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: {PATCH] store extra password hashes in supplemental credentials

Samba - samba-technical mailing list
Patches reworked to use {Crypt}

On 12/04/17 11:33, Stefan Metzmacher wrote:

> Gi Gary and Andrew,
>
>> Completed patch set to:
>> - Calculate SHA256 and SHA512 password hashes and store in
>>   supplementalCredentials Primary:userPassword
>> - add configuration options to control the generation of these
>>   hashes and the number of rounds used to calculate them.
>>   * 'password hash additional scheme'
>>   * 'password hash sha256 rounds'
>>   * 'password hash sha512 rounds'
>> - add new virtual attributes virtualWDigest01 to virtualWDigest29 to
>>   make the WDigest values available
>> - change virtualCryptSHA256 and virtualCryptSHA512 to:
>>   * return the stored values in Primary:userPassword if available
>>   * honor 'password hash sha256 rounds' and
>>     'password hash sha512 rounds' when calculating the hashes.
>>
>> Review appreciated
>
> I still think we should use {CRYPT} if we're using the crypt_r() function
> to generate the value.
>
> Looking at the openldap code I see
> {SHA256} and {SHA512} only in contrib/slapd-modules/passwd/sha2/,
> but not in the main code libraries/liblutil/passwd.c
>
> Looking at the code I can't see how the value you calculate
> using crypt_r() can be verified with the {SHA256} and {SHA512} code.
> If we don't want to use {CRYPT} we should implement {SSHA256} and
> {SSHA512} (with salt)
> instead of {SHA256} and {SHA512} (without salt) and match the actual
> implementation.
>
> I still think it's confusing to have "password hash sha256 rounds" and
> "password hash sha512 rounds" as separate options.
>
> What about using the names virtualSSHA, virtualCryptSHA256,
> virtualCryptSHA512
> as names in:
>
> typedef struct {
> [value(2*strlen_m(scheme))] uint16 name_len;
> [charset(UTF16)] uint8 name[name_len];
> [value((value?value->length:0))] uint32 value_len;
> [relative,subcontext(0),subcontext_size(value_len),
> flag(NDR_REMAINING)] DATA_BLOB *value;
> } package_PrimaryVirualPasswordValue;
>
> typedef [public] struct {
> samr_Password current_nt_hash;
> uint16 num_values;
> package_PrimaryUserPasswordValue values[num_values];
> } package_PrimaryVirtualPasswordsBlob;
>
> If you want you can also implement virtualSSHA256 and virtualSSHA512
> (in password_hash.c as well as in samba-tool user getpassword),
> but using SHA{256,512}_{Init,Update,Final}() directly.
> Very similar to virtualSSHA.
>
> Sorry, but we really have to get this sane before it can be pushed.
>
> metze
>

0001-idl-drsblobs-add-the-blobs-required-for-Primary-user.patch (2K) Download Attachment
0002-docs-configuration-options-for-Primary-userPassword.patch (7K) Download Attachment
0003-tests-password_hash-remove-unused-import.patch (835 bytes) Download Attachment
0004-tests-password_hash-fix-white-space.patch (1K) Download Attachment
0005-tests-password_hash-add-tests-for-Primary-userPasswo.patch (16K) Download Attachment
0006-password_hash-generate-and-store-Primary-userPasswor.patch (11K) Download Attachment
0007-samba-tool-tests-Tests-for-virtualWDigest-and-virtua.patch (22K) Download Attachment
0008-samba-tool-user-add-support-for-userPassword-and-WDi.patch (13K) Download Attachment
signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: {PATCH] store extra password hashes in supplemental credentials

Samba - samba-technical mailing list
On Wed, 2017-04-12 at 13:39 +1200, Gary Lockyer via samba-technical
wrote:
> Patches reworked to use {Crypt}

Thanks Gary.

> On 12/04/17 11:33, Stefan Metzmacher wrote:
> > Gi Gary and Andrew,
> >
> > > Completed patch set to:
> > > - Calculate SHA256 and SHA512 password hashes and store in
> > >   supplementalCredentials Primary:userPassword
> > > - add configuration options to control the generation of these
> > >   hashes and the number of rounds used to calculate them.
> > >   * 'password hash additional scheme'
> > >   * 'password hash sha256 rounds'
> > >   * 'password hash sha512 rounds'
> > > - add new virtual attributes virtualWDigest01 to virtualWDigest29
> > > to
> > >   make the WDigest values available
> > > - change virtualCryptSHA256 and virtualCryptSHA512 to:
> > >   * return the stored values in Primary:userPassword if available
> > >   * honor 'password hash sha256 rounds' and
> > >     'password hash sha512 rounds' when calculating the hashes.
> > >
> > > Review appreciated
> >
> > I still think we should use {CRYPT} if we're using the crypt_r()
> > function
> > to generate the value.
I'm really sorry for not getting this the first few times you asked for
it.

> > Looking at the openldap code I see
> > {SHA256} and {SHA512} only in contrib/slapd-modules/passwd/sha2/,
> > but not in the main code libraries/liblutil/passwd.c
> >
> > Looking at the code I can't see how the value you calculate
> > using crypt_r() can be verified with the {SHA256} and {SHA512}
> > code.
> > If we don't want to use {CRYPT} we should implement {SSHA256} and
> > {SSHA512} (with salt)
> > instead of {SHA256} and {SHA512} (without salt) and match the
> > actual
> > implementation.
Indeed.  I'm embarrassed I pushed this so far without properly looking
at the code/specification.  I'm also rather shocked that even in 2009
that unsalted hash values were being considered, let alone implemented!

> > I still think it's confusing to have "password hash sha256 rounds"
> > and
> > "password hash sha512 rounds" as separate options.

OK.  The patch Gary re-submitted keeps those (renamed) because it makes
it easier to re-use them for your samba-tool user getpassword case, but
I'm willing to be convinced.  If you could remind you

> > What about using the names virtualSSHA, virtualCryptSHA256,
> > virtualCryptSHA512

I've used CryptSHA256 and CryptSHA512 for now, matching these but
without the virtual bit (which makes less sense in this context).  If
we ever do SSHA we can decide if we want {SSHA} or so then.

> > Sorry, but we really have to get this sane before it can be pushed.

Thanks for the pushback.  Please do have a look over the patch set, and
if you are OK with this, then we can proceed to review, but otherwise
lets work out the final kinks at SambaXP.

Hopefully that will be much less frustrating, and a much more natural
extension of the work you did for SambaGPG.

Finally, I'm really sorry for rushing this with my basic facts so
poorly researched.  

Thanks,

Andrew Bartlett

--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT  
https://catalyst.net.nz/services/samba




signature.asc (879 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: {PATCH] store extra password hashes in supplemental credentials

Samba - samba-technical mailing list
On Wed, 2017-04-12 at 15:38 +1200, Andrew Bartlett via samba-technical
wrote:

> On Wed, 2017-04-12 at 13:39 +1200, Gary Lockyer via samba-technical
> wrote:
> > Patches reworked to use {Crypt}
>
> Thanks Gary.
>
> > On 12/04/17 11:33, Stefan Metzmacher wrote:
> > > Gi Gary and Andrew,
> > >
> > > > Completed patch set to:
> > > > - Calculate SHA256 and SHA512 password hashes and store in
> > > >   supplementalCredentials Primary:userPassword
> > > > - add configuration options to control the generation of these
> > > >   hashes and the number of rounds used to calculate them.
> > > >   * 'password hash additional scheme'
> > > >   * 'password hash sha256 rounds'
> > > >   * 'password hash sha512 rounds'
> > > > - add new virtual attributes virtualWDigest01 to
> > > > virtualWDigest29
> > > > to
> > > >   make the WDigest values available
> > > > - change virtualCryptSHA256 and virtualCryptSHA512 to:
> > > >   * return the stored values in Primary:userPassword if
> > > > available
> > > >   * honor 'password hash sha256 rounds' and
> > > >     'password hash sha512 rounds' when calculating the hashes.
> > > >
> > > > Review appreciated
> > >
> > > I still think we should use {CRYPT} if we're using the crypt_r()
> > > function
> > > to generate the value.
>
> I'm really sorry for not getting this the first few times you asked
> for
> it. 
>
> > > Looking at the openldap code I see
> > > {SHA256} and {SHA512} only in contrib/slapd-modules/passwd/sha2/,
> > > but not in the main code libraries/liblutil/passwd.c
> > >
> > > Looking at the code I can't see how the value you calculate
> > > using crypt_r() can be verified with the {SHA256} and {SHA512}
> > > code.
> > > If we don't want to use {CRYPT} we should implement {SSHA256} and
> > > {SSHA512} (with salt)
> > > instead of {SHA256} and {SHA512} (without salt) and match the
> > > actual
> > > implementation.
>
> Indeed.  I'm embarrassed I pushed this so far without properly
> looking
> at the code/specification.  I'm also rather shocked that even in 2009
> that unsalted hash values were being considered, let alone
> implemented!
>
> > > I still think it's confusing to have "password hash sha256
> > > rounds"
> > > and
> > > "password hash sha512 rounds" as separate options.
>
> OK.  The patch Gary re-submitted keeps those (renamed) because it
> makes
> it easier to re-use them for your samba-tool user getpassword case,
> but
> I'm willing to be convinced.  If you could remind you 
Err..

If you could suggest a syntax that you like, we can code it up.
Options include:

CryptSHA512:5500 CryptSHA256

or probably better:

CryptSHA512:rounds=5500 CryptSHA256

I'm not sure how to fit those in to the attributes for the 'samba-tool
user getpassword' case, but perhaps you have clearer ideas.

> What about using the names virtualSSHA, virtualCryptSHA256,
> > > virtualCryptSHA512
>
> I've used CryptSHA256 and CryptSHA512 for now, matching these but
> without the virtual bit (which makes less sense in this context).  If
> we ever do SSHA we can decide if we want {SSHA} or so then.
>
> > > Sorry, but we really have to get this sane before it can be
> > > pushed.
>
> Thanks for the pushback.  Please do have a look over the patch set,
> and
> if you are OK with this, then we can proceed to review, but otherwise
> lets work out the final kinks at SambaXP. 
>
> Hopefully that will be much less frustrating, and a much more natural
> extension of the work you did for SambaGPG.
>
> Finally, I'm really sorry for rushing this with my basic facts so
> poorly researched.  
>
> Thanks,
>
> Andrew Bartlett
>
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT  
https://catalyst.net.nz/services/samba




signature.asc (879 bytes) Download Attachment
Loading...