On Tue, Dec 07, 2010 at 11:22:55AM +0000, Hugo Monteiro wrote:
Hello list,
I'm in the process of deploying a perdition imap proxy to an exchange
server. ATM there is a M$ proxy server installed that i wish to replace.
All clients, Outlook in a vast majority, have SPA enabled that
translates to NTLM auth. I have changed the CAPABILITY string to meet
exchanges CAPs and i'm also not doing any authentication_in, i.e. all
auth is performed in the backend exchange server.
... But it's not working. I can see in the logs the following:
Dec 7 11:16:10 mail-proxy perdition[5863]: SSL connection using AES256-SHA
Dec 7 11:16:10 mail-proxy perdition[5863]: SELF: "* OK IMAP4 Ready
mail-proxy 0001e283\r\n"
Dec 7 11:16:10 mail-proxy perdition[5863]: CLIENT: "1 capability\r\n"
Dec 7 11:16:10 mail-proxy perdition[5863]: SELF: "* CAPABILITY IMAP4
IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN IDLE NAMESPACE LITERAL+\r\n"
Dec 7 11:16:10 mail-proxy perdition[5863]: SELF: "1 OK CAPABILITY\r\n"
Dec 7 11:16:10 mail-proxy perdition[5863]: CLIENT: "3 authenticate
NTLM\r\n"
Dec 7 11:16:10 mail-proxy perdition[5863]: SELF: "3 NO AUTHENTICATE
mechanism not supported, mate\r\n"
Is this type of connection not supported at all, or am i missing anything?
Note: Not supporting this type of authentication will turn into a major
helpdesk overhead since there will be a lot of clients to be reconfigured.
Hi Hugo,
Unfortunately perdition does not support NTLM authentication at this time.
Actually, at this stage it only supports AUTH=PLAIN for IMAP.
I would be more than happy to look review patches to add this feature.