Re: [exim] problem with SPA authentication

Top Page
Delete this message
Reply to this message
Author: Slawomir Orlowski \(CYMPAK\)
Date:  
To: John Jetmore
CC: exim-users
Subject: Re: [exim] problem with SPA authentication
Hello,
Thank you very much for express response,

I have run
swaks --pipe "exim -bh 64.136.20.21" -a NTLM -au USER -ap PASS -q auth

<- **** SMTP testing session as if from host 64.136.20.21
<- **** but without any ident (RFC 1413) callback.
<- **** This is not for real!
<-
<- 220 diamond.cympak.com ESMTP Exim 4.60 Mon, 30 Jan 2006 16:58:47 -0500
-> EHLO diamond.cympak.com
<- >>> host in pipelining_advertise_hosts? yes (matched "*")
<- >>> host in auth_advertise_hosts? yes (matched "*")
<- 250-diamond.cympak.com Hello authns.nyc.untd.com [64.136.20.21]
<- 250-SIZE 52428800
<- 250-PIPELINING
<- 250-AUTH NTLM
<- 250 HELP
-> AUTH NTLM
<- 334 NTLM supported
-> TlRMTVNTUAABAAAAB7IAAAAAAAAAAAAAAAAAAAAAAAA=
<- 334 TlRMTVNTUAACAAAAAAAAAAAoAAABggAAEj2yrkCEJIMAAAAAAAAAAAAAAAAAAAAA
->
TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAAAwAAAACAAIAHAAAAAIAAgAeAAAAAAAAABA
AAAAAYIAAMFq7QJAdvOaqarUlQymApLnvdkWHx5g78qQzSdH8PqIfXZaNbr5tHj1Dn1uYYRnenQA
ZQBzAHQAdABlAHMAdAA=
<** LOG: spa authenticator failed for authns.nyc.untd.com
(diamond.cympak.com) [64.136.20.21]: 435 Unable to authenticate at present:
reason not recorded
<** 435 Unable to authenticate at present
*** No authentication type succeeded
-> QUIT
<- 221 diamond.cympak.com closing connection
=== Connection closed with child process.

Any thoughts what could be the problem ?

Regards

----- Original Message -----
From: "John Jetmore" <jetmore@???>
To: "Slawomir Orlowski (CYMPAK)" <sorlowski@???>
Cc: <exim-users@???>
Sent: Monday, January 30, 2006 4:04 PM
Subject: Re: [exim] problem with SPA authentication


> On Sat, 28 Jan 2006, Slawomir Orlowski (CYMPAK) wrote:
>
> > testing:
> >
> > (AHRlc3QAdGVzdDIwMDU = echo -n -e '\0login\0password'|mimencode)
>
> This only tests PLAIN. NTLM is much more complex.
>
> > What I'm doing wrong, how to test spa authentication ?
>
> swaks (http://www.jetmore.org/john/code/#swaks):
> swaks --pipe "exim -bh 64.136.20.21" -a NTLM -au USER -ap PASS -q auth
>
> I just noticed this requires a To: address, which is a bug - shouldn't be
> needed when using -q auth (quitting before rcpt to is needed) and --pipe
> (recipient isn't needed to dynamically determine which server to connect
> to). Just type in anything when prompted, it won't be used. I'll fix it
> in the next release =)
>
> --John
>