Outlook 2007 SPA authentification problem solved (NTLM plugin bug)

Sebastian Hagedorn Hagedorn at uni-koeln.de
Tue May 6 06:44:38 EDT 2008


Hi,

--On 4. Mai 2008 13:10:43 +0200 CHCNET Consulting <office at chcnet.net> wrote:

> I've patched the ntlm plugin, to support also Outlook 2007, which uses a
> slightly different approach to authenticate. All Outlook versions prior
> to 2007 using a two-stage method: first they try to authenticate with the
> username and windows domain instead of the maildomain (which of course
> doesn't work, unless we have in our sasdb user at NTDOMAIN). Outlook 2007
> changed this method to username at maildomain.com.  I.e. the NTLM auth is
> sent with username and client domain, where client domain is finally
> correctly our email domain!

I don't use Outlook or even Windows personally, so I'm a bit clueless about 
these things, but: I run a mail server with many users that have that 
combo. We allow NTLM among other SASL methods. So I'm interested in that 
patch, but I'm confused. I haven't heard any complaints from Outlook 2007 
users so far. The reason may be that they don't use NTLM, I'm not sure. 
There have been complaints, however, from Vista users. I've been told that 
Vista requires NTLMv2 by default. I assume that the plugin only doies 
NTLMv1? Or is that perhaps a misunderstanding?

BTW, I just checked again and found that the issue appears to be with SMTP, 
not with IMAP.  We run sendmail with the same SASL libs, though.

Cheers, Sebastian
-- 
     .:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:.
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
.:.Universität zu Köln / Cologne University - ✆ +49-221-478-5587.:.
                   .:.:.:.Skype: shagedorn.:.:.:.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/cyrus-sasl/attachments/20080506/fa005a5f/attachment.bin 


More information about the Cyrus-sasl mailing list