[ANN] New NTLM SASL code

Ken Murchison ken at oceana.com
Sun Aug 24 21:00:40 EDT 2003

For those of you who have been using the NTLM SASL plugin to support 
Outlook clients, I have just committed some new code to CVS which allows 
the authentication to be proxied to an existing M$ (or Samba?) server.

This allows you to offer NTLM to your clients w/o having to populate an 
auxprop backend with user secrets.  The code essentially does what 
pam_smb does for plaintext authentication (although my code is 
completely independent and doesn't borrow anything from SMBlib) -- it 
does user-level authentication to the M$ server, but it actually proxies 
the server challenge to the client, and the client responses to the server.

The code still needs some more work (NetBIOS name resolution, Unicode 
support), but its working for my OE client against my WinNT server.  If 
anyone tries it and has any problems, I would appreciate a protocol dump 
of the IMAP/POP3/NNTP/SMTP connection from the client to the SASL server 
and of the NetBIOS/SMB (port 139) connection from the SASL server to the 
M$ server.

Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp

More information about the Info-cyrus mailing list