NTLMv2 Support in Cyrus Sasl2

Dan White dwhite at olp.net
Mon Oct 5 11:27:42 EDT 2009


On 05/10/09 14:49 +0530, Dhruva T S wrote:
>
>Dan,
>
>Thanks for replying.
>
>I have applied the given patch successfully to Cyrus SASL version 2.1.20 using 'patch -p1 < patch file.txt'
>
>Then I did './configure --enable-ntlm --with-ntlm-impl=samba'
>But when I did 'make', I got the following errors:
>
>gcc -bundle -undefined error -o .libs/libntlm.2.0.20.so  ntlm.lo ntlm_init.lo plugin_common.lo  -lresolv -lresolv -lc  
>Undefined symbols:
>  "_DES_set_odd_parity", referenced from:
>      _E in ntlm.lo
>  "_HMAC_Update", referenced from:
>      _V2 in ntlm.lo
>      _V2 in ntlm.lo
>  "_HMAC", referenced from:
>      _V2 in ntlm.lo
>  "_EVP_md5", referenced from:
>      _V2 in ntlm.lo
>      _V2 in ntlm.lo
>  "_DES_ecb_encrypt", referenced from:
>      _E in ntlm.lo
>  "_MD4", referenced from:
>      _P16_nt in ntlm.lo
>  "_HMAC_CTX_cleanup", referenced from:
>      _V2 in ntlm.lo
>
>Later I changed the patched configure.in file by adding
> "-lcrypto $LIB_RSAREF" to NTLM_LIBS in "if test "$ntlm_impl" = samba; then  NTLM_LIBS=""
>After this change, the above errors were gone.

Great! 

>When I did "ldapsearch" from OpenLDAP, I got "Unknown authentication method (-6): SASL(-4): No such mechanism"

I'm not sure if that's a server side error or client side error. Try
running pluginviewer on both systems to verify the ntlm mechanism is
installed. What does your ldapsearch command look like?

Also, make sure that the openldap server is advertising the mechanism:

ldapsearch -LLL -x -H ldap://ldap.example.org -s "base" -b "" supportedSASLMechanisms

>Can this patch be applied to SASL version 2.1.23 after suitable modifications?

That would be up to the developers. You can file a bug report with your patch.

-- 
Dan White
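
The check on supportedSASLMechanisms suggested above, as an added example that is not part of the original message or of Cyrus SASL/OpenLDAP: it reads the root DSE LDIF that ldapsearch prints and tests whether a mechanism is advertised, coping with folded lines and base64 ("::") values. The function names and the sample reply are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): read root DSE LDIF on stdin
# and report which SASL mechanisms the server advertises.

# Constructed sample reply, not output from the poster's server. The second
# value is folded across two lines; the third is base64 ("::") for CRAM-MD5.
sample_ldif() {
cat <<'EOF'
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSS
 API
supportedSASLMechanisms:: Q1JBTS1NRDU=
EOF
}

# Print one advertised mechanism per line.
list_mechs() {
    # Unfold LDIF continuation lines (a line starting with one space).
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { print buf }' |
    while IFS= read -r line; do
        # Attribute names are case-insensitive.
        case $(printf '%s' "$line" | tr 'A-Z' 'a-z') in
            supportedsaslmechanisms::*)
                v=${line#*::}; v=${v#"${v%%[! ]*}"}
                # Assumes a base64 that accepts -d (GNU coreutils, BusyBox).
                printf '%s' "$v" | base64 -d; echo ;;
            supportedsaslmechanisms:*)
                v=${line#*:}; printf '%s\n' "${v#"${v%%[! ]*}"}" ;;
        esac
    done
}

# Exit 0 if mechanism $1 is advertised (whole-name, case-insensitive match).
advertises_mech() {
    want=$(printf '%s' "$1" | tr 'a-z' 'A-Z')
    list_mechs | tr 'a-z' 'A-Z' | grep -qxF -- "$want"
}

# Live use, with the command from the message above:
#   ldapsearch -LLL -x -H ldap://ldap.example.org -s base -b "" \
#       supportedSASLMechanisms | advertises_mech NTLM
if sample_ldif | advertises_mech NTLM; then
    echo "NTLM advertised"
else
    echo "NTLM not advertised by the server (sample data)"
fi
```

If the server side passes this check and the client still reports "No such mechanism", the pluginviewer comparison on the client is the next place to look.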

