On Wed, 2022-03-02 at 11:20 -0500, Marc Boorshtein wrote:
> > the NTLM plugin in cyrus-sasl is an old broken custom implementation of
> > NTLM. It used a dirty hack to try to replay the NTLM authentication
> > against an SMB server (using an old skeleton SMB 1 implementation which
> > uses an SMB dialect now disabled on most servers) as a way to support
> > authenticating against a separate server. This kind of authentication
> > hijack will not work with any modern setup.
>
> Let's assume for the sake of argument that SMB1 is still enabled (like I
> said, this is a REALLY legacy environment), would what I'm trying still not
> work?

It depends on the DC and the client. If the client or the DC wants a
MIC on the NTLMSSP exchange, this will fail because the MITM (your
server) will break it.

Simo.

--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc

------------------------------------------
Cyrus: SASL
Permalink: https://cyrus.topicbox.com/groups/sasl/Tac2134087a4e755f-Mc81ae0d2866f2503c02fdedc
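
An added illustration of the MIC point in the reply above (not code from the thread or from cyrus-sasl): it assumes the MS-NLMP definition of the MIC as HMAC-MD5, keyed with the session key, over the NEGOTIATE, CHALLENGE and AUTHENTICATE messages with the MIC field zeroed. The message bytes, the key and all function names are constructed for the example.

```python
import hashlib
import hmac

MIC_OFFSET = 72  # MIC position in AUTHENTICATE_MESSAGE when the Version field is present
MIC_LEN = 16


def compute_mic(session_key, negotiate, challenge, authenticate):
    """HMAC-MD5 over all three messages, with the MIC field itself zeroed."""
    zeroed = authenticate[:MIC_OFFSET] + bytes(MIC_LEN) + authenticate[MIC_OFFSET + MIC_LEN:]
    return hmac.new(session_key, negotiate + challenge + zeroed, hashlib.md5).digest()


def seal(session_key, negotiate, challenge, authenticate):
    """Client side: write the MIC into the AUTHENTICATE message."""
    mic = compute_mic(session_key, negotiate, challenge, authenticate)
    return authenticate[:MIC_OFFSET] + mic + authenticate[MIC_OFFSET + MIC_LEN:]


def verify(session_key, negotiate, challenge, authenticate):
    """Verifier side: recompute the MIC over the messages it saw itself."""
    if len(authenticate) < MIC_OFFSET + MIC_LEN:
        return False
    claimed = authenticate[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    expected = compute_mic(session_key, negotiate, challenge, authenticate)
    return hmac.compare_digest(claimed, expected)


def constructed_message(msg_type, body, size=96):
    """Constructed stand-in for an NTLMSSP message: signature, type, padded body."""
    raw = b"NTLMSSP\x00" + msg_type.to_bytes(4, "little") + body
    return raw.ljust(size, b"\x00")


def demo():
    key = bytes(range(16))  # constructed session key shared by client and verifier
    client_negotiate = constructed_message(1, b"client-flags")
    challenge = constructed_message(2, b"server-nonce")
    auth = seal(key, client_negotiate, challenge, constructed_message(3, b"response"))

    # Direct exchange: the verifier saw the same three messages the client signed.
    direct_ok = verify(key, client_negotiate, challenge, auth)
    # Intermediary re-originated the exchange with its own NEGOTIATE message.
    relay_negotiate = constructed_message(1, b"server-flags")
    relayed_ok = verify(key, relay_negotiate, challenge, auth)
    return direct_ok, relayed_ok


if __name__ == "__main__":
    print(demo())
```

The second check fails even though the AUTHENTICATE message is forwarded untouched, because the verifier recomputes the MIC over a NEGOTIATE message the client never signed.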