Looking for NTLM config example

Gregory Sloop gregs at sloop.net
Mon Jun 27 17:50:32 UTC 2016



TT> On 6/27/2016 2:45 AM, Mark Foley wrote:
>> While continuing to test gssapi, I thought I check out your suggestion on NTLM v1. I did set
>> Thunderbird to NTLM v1 ...

TT> You are aware, I hope, that NTLM v1 is well over 20 years old and
TT> is trivially compromised today. Basically, it's about as secure as
TT> sending plaintext passwords. Since you're supporting SSL on your
TT> Dovecot server, why not require it, and not bother with NTLM auth?

I can't speak for the OP, but I suspect he'd like to use a SSO for dovecot, utilizing the same credentials as is in their Samba AD infrastructure. [Thus, have Dovecot submit authentications for dovecot to the AD domain and get an ack/nak on success.] So, he's not eager to use NTLMv1, but isn't getting much love in how to setup proxy auth against AD. [I suspect asking on the Samba list isn't a bad idea, but I'm surprised he hasn't gotten some good pointers here. There really ought to be a FAQ of white-paper on it, and I'm dismayed there isn't.]

-Greg






More information about the dovecot mailing list