Secure authentication (SPA) with MS Outlook 2002?

sam wun sam.wun at authtec.net
Sat Nov 6 04:43:04 EST 2004


Ken Murchison wrote:

> sam wun wrote:
>
>> Roland Pope wrote:
>>
>>> ----- Original Message ----- From: "sam wun" <sam.wun at authtec.net>
>>>  
>>>
>>>> Do you know how to configure imapd.conf to support NTLM authentication?
>>>>   
>>>
>>>
>>> You need to have the SASL NTLM plugin in your SASL plugins directory
>>> (/usr/lib/sasl2/libntlm.so under RedHat Linux).  If it's not there, you
>>> will need to recompile SASL with --enable-ntlm set.
>>> To enable IMAP use of NTLM you can use 'sasl_mech_list: NTLM' and
>>> 'sasl_ntlm_server: mywindowsdc' (where 'mywindowsdc' is the name of your
>>> windows domain controller), in your imapd.conf file.
>>>  
>>>
> You do not have to set sasl_ntlm_server.  If not set, then the mail 
> server will generate its own challenges and verify the password from 
> whatever auxprop plugin you are using (e.g. sasldb).
>
> sasl_ntlm_server is only used if you already have a windows domain 
> controller present and don't want to duplicate passwords.
>
Hi,

I included NTLM in the sasl_mech_list, which looks like this:
#sasl_mech_list: plain login cram-md5 digest-md5
sasl_mech_list: NTLM
#sasl_pwcheck_method: saslauthd
sasl_pwcheck_method: auxprop
sievedir: /var/imap/sieve
timeout:  30

but Outlook still failed with the error "relay not permitted."

I have sasl2 compiled with ntlm:
# ls -l /usr/local/lib/sasl2 | grep ntlm
-rw-r--r--   1 root  wheel  28268 Oct 25 13:53 libntlm.a
lrwxr-xr-x   1 root  wheel     12 Oct 25 13:53 libntlm.so@ -> libntlm.so.2
-rwxr-xr-x   1 root  wheel  31858 Oct 25 13:53 libntlm.so.2*

Thanks
Sam

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
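
Added example, not part of the original message and not Cyrus project code: a shell check that reads an imapd.conf and reports which of the two NTLM verification modes described in the thread is in effect (local challenges checked via auxprop, or a configured sasl_ntlm_server), and whether an NTLM plugin is present in a given SASL plugin directory. The function names are hypothetical, and the sample config is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example (assumption: imapd.conf uses "key: value" lines, "#" comments).

# conf_get FILE KEY -> value of the last uncommented "KEY: value" line
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# ntlm_mode FILE -> prints one of:
#   disabled      sasl_mech_list is set and does not list NTLM
#   proxy:<host>  sasl_ntlm_server is set (passwords checked by that server)
#   local         mail server generates its own challenges, verifies via auxprop
ntlm_mode() {
    mechs=$(conf_get "$1" sasl_mech_list | tr '[:lower:]' '[:upper:]' | tr '\t' ' ')
    if [ -n "$mechs" ]; then
        case " $mechs " in
            *" NTLM "*) ;;
            *) echo disabled; return 0 ;;
        esac
    fi
    server=$(conf_get "$1" sasl_ntlm_server)
    if [ -n "$server" ]; then
        echo "proxy:$server"
    else
        echo local
    fi
}

# ntlm_plugin_present DIR -> exit status 0 if a libntlm shared object is in DIR
ntlm_plugin_present() {
    for f in "$1"/libntlm.so*; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Constructed sample: the imapd.conf lines quoted in the message above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#sasl_mech_list: plain login cram-md5 digest-md5
sasl_mech_list: NTLM
#sasl_pwcheck_method: saslauthd
sasl_pwcheck_method: auxprop
EOF
echo "NTLM mode: $(ntlm_mode "$sample")"
rm -f "$sample"
```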




More information about the Info-cyrus mailing list