Outlook 2007 SPA authentification problem solved (NTLM plugin bug)
Sebastian Hagedorn
Hagedorn at uni-koeln.de
Tue May 6 06:44:38 EDT 2008
Hi,
--On 4. Mai 2008 13:10:43 +0200 CHCNET Consulting <office at chcnet.net> wrote:
> I've patched the ntlm plugin, to support also Outlook 2007, which uses a
> slightly different approach to authenticate. All Outlook versions prior
> to 2007 using a two-stage method: first they try to authenticate with the
> username and windows domain instead of the maildomain (which of course
> doesn't work, unless we have in our sasdb user at NTDOMAIN). Outlook 2007
> changed this method to username at maildomain.com. I.e. the NTLM auth is
> sent with username and client domain, where client domain is finally
> correctly our email domain!
I don't use Outlook or even Windows personally, so I'm a bit clueless about
these things, but: I run a mail server with many users that have that
combo. We allow NTLM among other SASL methods. So I'm interested in that
patch, but I'm confused. I haven't heard any complaints from Outlook 2007
users so far. The reason may be that they don't use NTLM, I'm not sure.
There have been complaints, however, from Vista users. I've been told that
Vista requires NTLMv2 by default. I assume that the plugin only doies
NTLMv1? Or is that perhaps a misunderstanding?
BTW, I just checked again and found that the issue appears to be with SMTP,
not with IMAP. We run sendmail with the same SASL libs, though.
Cheers, Sebastian
--
.:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:.
Zentrum für angewandte Informatik - Universitätsweiter Service RRZK
.:.Universität zu Köln / Cologne University - ✆ +49-221-478-5587.:.
.:.:.:.Skype: shagedorn.:.:.:.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/cyrus-sasl/attachments/20080506/fa005a5f/attachment.bin
More information about the Cyrus-sasl
mailing list