Re: NTLM and OpenLDAP



On Wed, 2022-03-02 at 11:20 -0500, Marc Boorshtein wrote:
> > the NTLM plugin in cyrus-sasl is an old broken custom implementation of
> > NTLM. It used a dirty hack to try to replay the NTLM authentication
> > against an SMB server (using old skeleton SMB 1 implementation which
> > uses a SMB dialect now disabled on most servers) as a way to support
> > authenticating against a separate server. This kind of authentication
> > hijack will not work with any modern setup.
> > 
> > 
> Let's assume for the sake of argument that SMB1 is still enabled (like I
> said, this is a REALLY legacy environment), would what I'm trying still not
> work?

It depends on the DC and the client: if the client or the DC wants a
MIC on the NTLMSSP exchange, this will fail because the MITM (your
server) will break it.


Simo Sorce
RHEL Crypto Team
Red Hat, Inc
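The MIC failure Simo describes, as an added example that is not part of the original thread or of cyrus-sasl: the client derives the NTLMv2 session key from its NT hash (NTOWFv2, NtProofStr, SessionBaseKey per MS-NLMP) and computes MIC = HMAC-MD5(session key, NEGOTIATE || CHALLENGE || AUTHENTICATE). A DC that expects a MIC recomputes it over the three messages it actually saw. When a SASL server in the middle speaks its own NEGOTIATE to the DC, the DC's view of the exchange differs from the client's and the MIC does not match; the middle box cannot patch it because it has no NT hash to derive the key. All values (NT hash, challenges, flags, timestamp) are constructed, and the message bodies are stand-ins for the real NTLMSSP framing: the MIC is carried separately here instead of inside the AUTHENTICATE message with its MIC field zeroed, and MD4 derivation of the NT hash from a password is omitted.

```python
"""Added example, not cyrus-sasl code: why an NTLMSSP relay breaks once a MIC is required."""
import hashlib
import hmac
import struct

# Constructed test values. A real NT hash is MD4(UTF-16LE(password)); a fixed 16-byte value is used here.
NT_HASH = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")
USER, DOMAIN = "alice", "EXAMPLE"
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_CHALLENGE = bytes.fromhex("fedcba9876543210")
TIMESTAMP = 0x01D82E2C5F5F0000  # FILETIME-style value, constructed
# MsvAvNbDomainName AV_PAIR followed by MsvAvEOL (constructed target info)
TARGET_INFO = b"\x02\x00\x0e\x00" + DOMAIN.encode("utf-16-le") + b"\x00\x00\x00\x00"

# Simplified message bodies: signature, message type, then a NegotiateFlags field.
HEADER_LEN = 12
CLIENT_NEGOTIATE = b"NTLMSSP\x00\x01\x00\x00\x00" + struct.pack("<I", 0xE2088297)
MITM_NEGOTIATE = b"NTLMSSP\x00\x01\x00\x00\x00" + struct.pack("<I", 0xE2080215)  # relay's own flags
CHALLENGE_MSG = b"NTLMSSP\x00\x02\x00\x00\x00" + SERVER_CHALLENGE + TARGET_INFO


def ntowf_v2(nt_hash, user, domain):
    """NTOWFv2: HMAC-MD5 keyed with the NT hash over UTF-16LE(UPPER(user) || domain)."""
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def build_temp(timestamp, client_challenge, target_info):
    """The NTLMv2 'temp' blob: RespType, HiRespType, reserved, timestamp, client challenge, target info."""
    return (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)


def ntlmv2_keys(response_key, server_challenge, temp):
    """NtProofStr and SessionBaseKey; with no key exchange this is also the exported session key."""
    nt_proof = hmac.new(response_key, server_challenge + temp, hashlib.md5).digest()
    session_base_key = hmac.new(response_key, nt_proof, hashlib.md5).digest()
    return nt_proof, session_base_key


def compute_mic(session_key, negotiate, challenge, authenticate_body):
    """MIC over the concatenation of the three messages as the computing party saw them."""
    return hmac.new(session_key, negotiate + challenge + authenticate_body, hashlib.md5).digest()


def client_authenticate(nt_hash, user, domain, negotiate, challenge_msg, server_challenge):
    """Client side: build AUTHENTICATE (NtProofStr || temp) and the MIC over its own view of the exchange."""
    key = ntowf_v2(nt_hash, user, domain)
    temp = build_temp(TIMESTAMP, CLIENT_CHALLENGE, TARGET_INFO)
    nt_proof, session_key = ntlmv2_keys(key, server_challenge, temp)
    auth_body = b"NTLMSSP\x00\x03\x00\x00\x00" + nt_proof + temp
    return auth_body, compute_mic(session_key, negotiate, challenge_msg, auth_body)


def dc_verify(nt_hash, user, domain, negotiate_seen, challenge_msg, server_challenge, auth_body, mic):
    """DC side: check NtProofStr, then the MIC over the NEGOTIATE/CHALLENGE/AUTHENTICATE the DC saw."""
    nt_proof = auth_body[HEADER_LEN:HEADER_LEN + 16]
    temp = auth_body[HEADER_LEN + 16:]
    key = ntowf_v2(nt_hash, user, domain)
    expected_proof, session_key = ntlmv2_keys(key, server_challenge, temp)
    if not hmac.compare_digest(expected_proof, nt_proof):
        return False
    expected_mic = compute_mic(session_key, negotiate_seen, challenge_msg, auth_body)
    return hmac.compare_digest(expected_mic, mic)


def relay_scenario():
    """Returns (direct_ok, relayed_ok, forged_ok) for the three cases discussed in the thread."""
    auth_body, mic = client_authenticate(NT_HASH, USER, DOMAIN, CLIENT_NEGOTIATE, CHALLENGE_MSG, SERVER_CHALLENGE)
    # Direct: the DC saw the same NEGOTIATE the client sent, so the MIC verifies.
    direct_ok = dc_verify(NT_HASH, USER, DOMAIN, CLIENT_NEGOTIATE, CHALLENGE_MSG, SERVER_CHALLENGE, auth_body, mic)
    # Relayed: the SASL server spoke its own NEGOTIATE to the DC; the DC's view differs, MIC mismatch.
    relayed_ok = dc_verify(NT_HASH, USER, DOMAIN, MITM_NEGOTIATE, CHALLENGE_MSG, SERVER_CHALLENGE, auth_body, mic)
    # The relay cannot repair the MIC: without the NT hash it has no session key, so any guess fails.
    guessed_key = b"\x00" * 16
    forged_mic = compute_mic(guessed_key, MITM_NEGOTIATE, CHALLENGE_MSG, auth_body)
    forged_ok = dc_verify(NT_HASH, USER, DOMAIN, MITM_NEGOTIATE, CHALLENGE_MSG, SERVER_CHALLENGE, auth_body, forged_mic)
    return direct_ok, relayed_ok, forged_ok


if __name__ == "__main__":
    print(relay_scenario())  # (True, False, False)
```

The mismatch here comes from the relay generating its own NEGOTIATE, which is what a SASL plugin running an SMB1 client on the side does. A relay that forwards all three messages byte for byte keeps the MIC intact, which is why the MIC alone does not stop transparent NTLM relay; signing and channel binding (EPA) are the controls for that case.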

Cyrus: SASL