Looking for NTLM config example

aki.tuomi at dovecot.fi aki.tuomi at dovecot.fi
Mon Jun 27 18:14:13 UTC 2016


> On June 27, 2016 at 8:50 PM Gregory Sloop <gregs at sloop.net> wrote:
> 
> 
> 
> 
> TT> On 6/27/2016 2:45 AM, Mark Foley wrote:
> >> While continuing to test gssapi, I thought I check out your suggestion on NTLM v1. I did set
> >> Thunderbird to NTLM v1 ...
> 
> TT> You are aware, I hope, that NTLM v1 is well over 20 years old and
> TT> is trivially compromised today. Basically, it's about as secure as
> TT> sending plaintext passwords. Since you're supporting SSL on your
> TT> Dovecot server, why not require it, and not bother with NTLM auth?
> 
> I can't speak for the OP, but I suspect he'd like to use a SSO for dovecot, utilizing the same credentials as is in their Samba AD infrastructure. [Thus, have Dovecot submit authentications for dovecot to the AD domain and get an ack/nak on success.] So, he's not eager to use NTLMv1, but isn't getting much love in how to setup proxy auth against AD. [I suspect asking on the Samba list isn't a bad idea, but I'm surprised he hasn't gotten some good pointers here. There really ought to be a FAQ of white-paper on it, and I'm dismayed there isn't.]
> 
> -Greg

It's not very used feature as most with AD probably are using Exchange. I'll have a look at the NTLM authentication and see if we can improve it's documentation. 

---
Aki Tuomi 
Dovecot oy


More information about the dovecot mailing list