Re: NTLM and OpenLDAP

On Wed, 2022-03-02 at 11:20 -0500, Marc Boorshtein wrote:
> > the NTLM plugin in cyrus-sasl is an old broken custom implementation of
> > NTLM. It used a dirty hack to try to replay the NTLM authentication
> > against an SMB server (using an old skeleton SMB 1 implementation which
> > uses an SMB dialect now disabled on most servers) as a way to support
> > authenticating against a separate server. This kind of authentication
> > hijack will not work with any modern setup.
> >
> Let's assume for the sake of argument that SMB1 is still enabled (like I
> said, this is a REALLY legacy environment), would what I'm trying still
> not work?

It depends on the DC and the client: if the client or the DC wants a
MIC on the NTLMSSP exchange, this will fail because the MITM (your
server) will break it.

Simo.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc





------------------------------------------
Cyrus: SASL
Permalink: https://cyrus.topicbox.com/groups/sasl/Tac2134087a4e755f-Mc81ae0d2866f2503c02fdedc
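
An added illustration of the MIC point in the reply above (not code from the thread or from cyrus-sasl): per MS-NLMP the MIC is an HMAC-MD5, keyed with the session key, over the NEGOTIATE, CHALLENGE and AUTHENTICATE messages, so a verifier whose transcript differs from the client's rejects the exchange. The key and message bytes are constructed placeholders rather than real NTLMSSP encodings, and the function names are hypothetical.

```python
import hashlib
import hmac

MIC_OFFSET = 72  # MIC position in AUTHENTICATE_MESSAGE when the Version field is present
MIC_LEN = 16

def compute_mic(session_key, negotiate, challenge, authenticate):
    """HMAC-MD5 over all three messages, with the MIC field zeroed first."""
    zeroed = (authenticate[:MIC_OFFSET] + bytes(MIC_LEN)
              + authenticate[MIC_OFFSET + MIC_LEN:])
    return hmac.new(session_key, negotiate + challenge + zeroed, hashlib.md5).digest()

def client_authenticate(session_key, negotiate, challenge, body):
    """Client side: stamp the MIC into the AUTHENTICATE message."""
    mic = compute_mic(session_key, negotiate, challenge, body)
    return body[:MIC_OFFSET] + mic + body[MIC_OFFSET + MIC_LEN:]

def verify_mic(session_key, negotiate, challenge, authenticate):
    """Verifier side: recompute the MIC over the messages it actually saw."""
    sent = authenticate[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    expected = compute_mic(session_key, negotiate, challenge, authenticate)
    return hmac.compare_digest(sent, expected)

# Constructed sample data. In a real exchange the session key is derived from
# the user's password hash, which an intermediary does not hold.
KEY = bytes(range(16))
CLIENT_NEGOTIATE = b"NTLMSSP\x00" + (1).to_bytes(4, "little") + b"client-flags"
CHALLENGE = b"NTLMSSP\x00" + (2).to_bytes(4, "little") + b"server-challenge"
AUTH_BODY = (b"NTLMSSP\x00" + (3).to_bytes(4, "little") + bytes(60)
             + bytes(MIC_LEN) + b"constructed-ntlmv2-response")
# An intermediary speaking its own SMB session sends its own NEGOTIATE message.
INTERMEDIARY_NEGOTIATE = b"NTLMSSP\x00" + (1).to_bytes(4, "little") + b"other-flags"

def demo():
    auth = client_authenticate(KEY, CLIENT_NEGOTIATE, CHALLENGE, AUTH_BODY)
    direct = verify_mic(KEY, CLIENT_NEGOTIATE, CHALLENGE, auth)
    via_intermediary = verify_mic(KEY, INTERMEDIARY_NEGOTIATE, CHALLENGE, auth)
    return direct, via_intermediary

if __name__ == "__main__":
    print(demo())
```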