Andrey Panin wrote:
Maybe Dovecot's NTLM can take the appropriate password hashes from OpenLDAP directly? (sambaLMPassword/sambaNTPassword)
Yes, Dovecot can handle LM/NTLM password hashes and it can fetch them from OpenLDAP directly (look at doc/dovecot-ldap.conf).
In general you can store passwords in any supported form, just add the proper password scheme prefix. For example: {NTLM}69943C5E63B4D2C104DBBCC15138B72B
For more information, read here: http://wiki.dovecot.org/Authentication
OK, it looks like it satisfies our case.
But in general, there can be other domain controllers -- AD, NT native, or even Samba without an LDAP backend. For such cases, IMHO, my patch may help a bit.
I have not found a POP3/IMAP server with fine NTLM support anywhere. Fortunately, Dovecot allows writing another authentication daemon (without changing the main code), and I am trying to do that. All the "lacks" of cyrus-sasl will be concentrated in this external daemon, therefore I think that I will not spoil anything in Dovecot itself.
Dmitry Butskoy <Dmitry@Butskoy.name>
Saint-Petersburg, Russia
Red Hat Certified Engineer 809003662809495
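
The scheme-prefixed form quoted in the message above ({NTLM} followed by 32 hex digits) can be parsed and checked as in the following added example, which is not part of the original thread and is not Dovecot's code. The function names and the sample value are assumptions made for illustration; the NT hash is MD4 over the UTF-16LE password, and MD4 is implemented inline because hashlib frequently lacks it.

```python
import hmac
import re
import struct

MASK = 0xFFFFFFFF
# Constructed sample: NT hash of the string "password", in the prefixed form.
SAMPLE = "{NTLM}8846F7EAEE8FB117AD06BDD830B7586C"

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320)."""
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    rounds = (  # (round function, additive constant, shifts, word order)
        (lambda b, c, d: (b & c) | (~b & d), 0, (3, 7, 11, 19), lambda i: i),
        (lambda b, c, d: (b & c) | (b & d) | (c & d), 0x5A827999, (3, 5, 9, 13),
         lambda i: (i % 4) * 4 + i // 4),
        (lambda b, c, d: b ^ c ^ d, 0x6ED9EBA1, (3, 9, 11, 15),
         lambda i: (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]),
    )
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for f, const, shifts, order in rounds:
            for i in range(16):
                t = (a + f(b, c, d) + x[order(i)] + const) & MASK
                a, b, c, d = d, _rol(t, shifts[i % 4]), b, c
        h = [(s + v) & MASK for s, v in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def split_scheme(stored: str):
    """Split '{SCHEME}value' into (SCHEME, value); reject values without a prefix."""
    m = re.fullmatch(r"\{([A-Za-z0-9.-]+)\}(.*)", stored)
    if not m:
        raise ValueError("no {SCHEME} prefix")
    return m.group(1).upper(), m.group(2)

def verify_ntlm(stored: str, password: str) -> bool:
    """Check a cleartext password against a '{NTLM}<32 hex digits>' value."""
    scheme, value = split_scheme(stored)
    if scheme != "NTLM" or not re.fullmatch(r"[0-9A-Fa-f]{32}", value):
        raise ValueError("not a well-formed {NTLM} value")
    # NT hash = MD4 over the UTF-16LE encoding of the password.
    return hmac.compare_digest(md4(password.encode("utf-16-le")), bytes.fromhex(value))
```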