Re: [exim-dev] patch: src/auths/spa.c fix for cancelled AUTH…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Phil Pennock
Date:  
À: Kurt Jaeger
CC: exim-dev
Sujet: Re: [exim-dev] patch: src/auths/spa.c fix for cancelled AUTH NTLM
On 2010-11-01 at 23:39 +0100, Kurt Jaeger wrote:
>   o exim sends a "334 NTLM supported"
>   o Outlook 2010 as a client sends some base64
>     which is a NLMP NEGOTIATE blob, described in
>     http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-NLMP%5D.pdf
>     page 15ff
>   o exim answers with a NLMP CHALLENGE blob, described in the same
>     document, page 19ff.


This is the point at which things have gone wrong; Exim worked to an
older specification, MS updated to have NTLM support Initial Response, a
common SASL name, which basically means "send the first part of the
authentication at the same time as asking to authenticate".

Exim head already contains a probable fix for this, but I don't have
Outlook clients to test against and I don't recall if the reporter
verified it. Hrm, no Bugzilla entry, but it's:
PP/06 Adjust NTLM authentication to handle SASL Initial Response.
in the ChangeLog for version 4.73 (forthcoming.

The commit is:
http://git.exim.org/exim.git/commit/55c75993b43ac91069a5fbe9cc7a8d48cda84ee0
and the diff should apply cleanly to any relatively recent SPA.


You're probably right about Exim not cancelling properly, and thanks for
reporting that. I can't look right now, as it's work hours and Exim dev
work has to be done on my time, but tonight I should finally have
working home Internet connectivity and be able to catch back up on some
pending Exim issues, including this.

Regards,
-Phil