> On June 27, 2016 at 8:50 PM Gregory Sloop <gr...@sloop.net> wrote: > > > > > TT> On 6/27/2016 2:45 AM, Mark Foley wrote: > >> While continuing to test gssapi, I thought I check out your suggestion on > >> NTLM v1. I did set > >> Thunderbird to NTLM v1 ... > > TT> You are aware, I hope, that NTLM v1 is well over 20 years old and > TT> is trivially compromised today. Basically, it's about as secure as > TT> sending plaintext passwords. Since you're supporting SSL on your > TT> Dovecot server, why not require it, and not bother with NTLM auth? > > I can't speak for the OP, but I suspect he'd like to use a SSO for dovecot, > utilizing the same credentials as is in their Samba AD infrastructure. [Thus, > have Dovecot submit authentications for dovecot to the AD domain and get an > ack/nak on success.] So, he's not eager to use NTLMv1, but isn't getting much > love in how to setup proxy auth against AD. [I suspect asking on the Samba > list isn't a bad idea, but I'm surprised he hasn't gotten some good pointers > here. There really ought to be a FAQ of white-paper on it, and I'm dismayed > there isn't.] > > -Greg
It's not very used feature as most with AD probably are using Exchange. I'll have a look at the NTLM authentication and see if we can improve it's documentation. --- Aki Tuomi Dovecot oy
