On 2010-11-01 at 23:39 +0100, Kurt Jaeger wrote:
> o exim sends a "334 NTLM supported"
> o Outlook 2010 as a client sends some base64
> which is a NLMP NEGOTIATE blob, described in
> http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-NLMP%5D.pdf
> page 15ff
> o exim answers with a NLMP CHALLENGE blob, described in the same
> document, page 19ff.
This is the point at which things have gone wrong; Exim worked to an
older specification, MS updated to have NTLM support Initial Response, a
common SASL name, which basically means "send the first part of the
authentication at the same time as asking to authenticate".
Exim head already contains a probable fix for this, but I don't have
Outlook clients to test against and I don't recall if the reporter
verified it. Hrm, no Bugzilla entry, but it's:
PP/06 Adjust NTLM authentication to handle SASL Initial Response.
in the ChangeLog for version 4.73 (forthcoming.
The commit is:
http://git.exim.org/exim.git/commit/55c75993b43ac91069a5fbe9cc7a8d48cda84ee0
and the diff should apply cleanly to any relatively recent SPA.
You're probably right about Exim not cancelling properly, and thanks for
reporting that. I can't look right now, as it's work hours and Exim dev
work has to be done on my time, but tonight I should finally have
working home Internet connectivity and be able to catch back up on some
pending Exim issues, including this.
Regards,
-Phil