On Mon, 2004-09-27 at 22:46, Timo Sirainen wrote:
On 27.9.2004, at 15:17, Andrew Bartlett wrote:
- Unicode support is by 'null padding' - there is no real support for non-ascii characters.
What does support for this actually mean? Does NTLM support multiple character sets or how exactly is the conversion done? A simple UTF8 -> UTF16 would be easy. iconv() could be used for other translations.
So, NTLMSSP can be in ASCII, aka OEM, (as the first packet is, by default) and unicode (UTF16). I've looked over the Dovecot code again, and was a little confused on the first reading. Indeed, the fix to my unicode worries should be just to:
- Support ASCII (for Win9X clients)
- Convert properly between UTF16 and UTF8 when the unicode flag is set.
Use of ntlm_auth allows use of external password databases, but doesn't prevent the use of other mechanisms in any way. As I mentioned before, I'm quite willing to work with developers in the implementation of an appropriate callback to allow application that already assume 'I have the plaintext' to have Samba at least handle the NTLMSSP parsing and authentication.
I'm not against ntlm_auth() support, but personally I don't really care about it at the moment. I'm of course willing to answer questions about Dovecot code if someone wants to implement it.
Why do I feel we are heading for a mexican standoff here ;-)
Andrew Bartlett
-- Andrew Bartlett abartlet@samba.org Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net