The attached patch provides a method auth_crap_hash to samba.winbind that authenticates a username given the challenge and response hashes. This is useful for something like a Python webserver or transparent proxy that authenticates the client using the NTLM protocol through which it can get the username, challenge, and response hashes, but no password. The auth_crap_hash method can then be used to authenticate the username, challenge, and response hashes with Samba. The method name may not be the best. Something like auth_crap_passthrough may be better.
Created attachment 1228 [details] Patch that adds auth_crap_hash method to samba.winbind.
Cleaning up versions. There was no 3.0.15 so leaving it in bugzilla is causing some confusion. Moving these nuder 3.0.20. Originally files against 3.0.15preX.
Thanks Ed. We no longer have a py_winbind.c to put this in, nor AFAICT any remnant of it under another name, so I will close this bug.