As this project is feature complete and fullfilled its purpose, it has been archived.
A shell script that works as a drop-in replacement for ntml_auth
when used for MSCHAP v2 authentication, so no full Samba installation is required in many situations; at least if the correct plugin exists. The task of plugin is to fetch the plain-text user password or the pre-calculated MD4 user password hash (also known as NTHASH
or sambaNTHash
or just NTML password
).
The script behaves like the original ntml_auth
when called with the argument --request-nt-key
. The following arguments are supported and expected to be present:
--username
--challenge
--nt-response
Documentation of the original tool: ntml_auth
It also allows the argument --allow-mschapv2
but simply ignores it as the script always operates in MSCHAP v2 mode
The following two new parameters were added:
--plugin
: Which plugin to use (relative or absolute path to plugin).--plugin-args
: Which arguments to pass to the plugin (separated by space; quoting is possible).
Note that the last two arguments can also be set via the environment variables NTLM_AUTH_PLUGIN
and NTLM_AUTH_PLUGIN_ARGS
instead; arguments override environment variables if both are set.
The only requirement aside from a POSIX shell environment is OpenSSL to perform the cryptographic operations.
Note that plugins may have requirements of their own but those are only relevant if that plugin is in use.
See plugin README.