[Dovecot] Concerned about Dovecot's new NTLM code

[Andrew Bartlett]

On Mon, 2004-09-27 at 22:46, Timo Sirainen wrote:
> On 27.9.2004, at 15:17, Andrew Bartlett wrote:
> 
> >>>>>  - Unicode support is by 'null padding' - there is no real support 
> >>>>> for
> >>>>> non-ascii characters.
> 
> What does support for this actually mean? Does NTLM support multiple 
> character sets or how exactly is the conversion done? A simple UTF8 -> 
> UTF16 would be easy. iconv() could be used for other translations.

So, NTLMSSP can be in ASCII, aka OEM, (as the first packet is, by
default) and unicode (UTF16).  I've looked over the Dovecot code again,
and was a little confused on the first reading.  Indeed, the fix to my
unicode worries should be just to:

 - Support ASCII (for Win9X clients)
 - Convert properly between UTF16 and UTF8 when the unicode flag is set.

> > Use of ntlm_auth allows use of external password databases, but doesn't
> > prevent the use of other mechanisms in any way.  As I mentioned before,
> > I'm quite willing to work with developers in the implementation of an
> > appropriate callback to allow application that already assume 'I have
> > the plaintext' to have Samba at least handle the NTLMSSP parsing and
> > authentication.
> 
> I'm not against ntlm_auth() support, but personally I don't really care 
> about it at the moment. I'm of course willing to answer questions about 
> Dovecot code if someone wants to implement it.

Why do I feel we are heading for a mexican standoff here ;-)

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20040927/90577e2b/attachment-0001.bin>