Outlook 2007 SPA authentification problem solved (NTLM plugin bug)
Gerard
gerard at seibercom.net
Tue May 6 07:21:14 EDT 2008
On Tue, 06 May 2008 12:44:38 +0200
Sebastian Hagedorn <Hagedorn at uni-koeln.de> wrote:
> Hi,
>
> --On 4. Mai 2008 13:10:43 +0200 CHCNET Consulting <office at chcnet.net>
> wrote:
>
> > I've patched the ntlm plugin, to support also Outlook 2007, which
> > uses a slightly different approach to authenticate. All Outlook
> > versions prior to 2007 using a two-stage method: first they try to
> > authenticate with the username and windows domain instead of the
> > maildomain (which of course doesn't work, unless we have in our
> > sasdb user at NTDOMAIN). Outlook 2007 changed this method to
> > username at maildomain.com. I.e. the NTLM auth is sent with username
> > and client domain, where client domain is finally correctly our
> > email domain!
>
> I don't use Outlook or even Windows personally, so I'm a bit clueless
> about these things, but: I run a mail server with many users that
> have that combo. We allow NTLM among other SASL methods. So I'm
> interested in that patch, but I'm confused. I haven't heard any
> complaints from Outlook 2007 users so far. The reason may be that
> they don't use NTLM, I'm not sure. There have been complaints,
> however, from Vista users. I've been told that Vista requires NTLMv2
> by default. I assume that the plugin only doies NTLMv1? Or is that
> perhaps a misunderstanding?
That is correct, NTLMv2 is the default for Vista. There is a short
article regarding NTLMv2 and Microsoft here:
http://technet.microsoft.com/en-us/magazine/cc160954.aspx
> BTW, I just checked again and found that the issue appears to be with
> SMTP, not with IMAP. We run sendmail with the same SASL libs, though.
>
> Cheers, Sebastian
--
Gerard
gerard at seibercom.net
Take your Senator to lunch this week.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/cyrus-sasl/attachments/20080506/e0a5e844/attachment.bin
More information about the Cyrus-sasl
mailing list