Bug#479690: cyrus-sasl2 wishlist

Christoph Christ (MCP) cchrist at mcpsoftworks.com
Tue May 6 06:49:59 UTC 2008


Package: cyrus-sasl2
Version: 2.1.22.dfsg1-19
Severity: wishlist

Short description: Patch fixes NTLM authentication bug introduced with 
Outlook 2007 (where digest-md5 also fails), when connecting to any 
SASL-enabled system with realm support, where username is matched against 
username@maildomain.tld in any SASL backend (%u@%r via postfix, 
cyrus-imapd, courier, etc...).
Bug description:
Outlook Express, Outlook 2000, 2003, XP use the following method 
(which is covered by cyrus-sasl2 2.1.22): the first NTLM request sends 
username and client domain (where the client domain is the 
workgroup/domain of the Windows workstation), and if that fails, the 
second NTLM request is sent without client domain, but with a fully 
qualified email address username@maildomain.tld.
Outlook 2007 uses a different way: it directly sends in the first NTLM 
request: client user: username and client domain: maildomain.tld. There 
is no fallback mechanism, and therefore this fails in sasl2 with 
"username not found".
Solution:
This patch adds the logic to distinguish between the old method and the 
new method and supports both. The new logic is: if there is a client 
domain available, build a fully qualified username and send it to the 
sasl backend for verification (this works for Outlook 2007, the older 
versions fail here). If there is no client domain, send the handed over 
username for verification (which is then the fully qualified username, 
handed over by the older Outlook versions).

-- 
kind regards
Christoph Christ
Head of Development/Research

MCP-Softworks s.r.o., 
Freiungsstrasse 8/1, A-2410 Hainburg an der Donau
Tel: +43-664-9307044, Fax: +43-664-779307044
http://www.mcpsoftworks.com




-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cyrus-sasl-2.1.22-ntlm-outlook.patch
Url: http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20080506/3bceac69/attachment.txt 
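
The username selection rule described in the report, sketched in C as an added example; it is not the attached patch and not cyrus-sasl code. The function name `ntlm_build_authid`, the return codes and the sample values are assumptions of this example, as is the choice to reject an over-long name instead of truncating it, since a truncated name could match a different account in the backend.

```c
#include <stdio.h>
#include <string.h>

/* Return codes are hypothetical, defined for this example only. */
enum { AUTHID_OK = 0, AUTHID_BADARG = -1, AUTHID_TOOLONG = -2 };

/*
 * Build the name handed to the SASL backend from the NTLM client fields:
 *   client domain present -> "user@domain" (Outlook 2007 style request)
 *   client domain empty   -> user as sent  (older Outlook fallback request,
 *                            which already carries user@maildomain.tld)
 * The result is never truncated: if it does not fit, out is emptied and
 * AUTHID_TOOLONG is returned.
 */
int ntlm_build_authid(const char *user, const char *domain,
                      char *out, size_t outlen)
{
    int n;

    if (user == NULL || user[0] == '\0' || out == NULL || outlen == 0)
        return AUTHID_BADARG;

    if (domain != NULL && domain[0] != '\0')
        n = snprintf(out, outlen, "%s@%s", user, domain);
    else
        n = snprintf(out, outlen, "%s", user);

    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';              /* never hand a partial name to the backend */
        return AUTHID_TOOLONG;
    }
    return AUTHID_OK;
}

int main(void)
{
    /* Constructed sample requests: {client user, client domain}. */
    const char *req[][2] = {
        { "username", "maildomain.tld" },          /* Outlook 2007 */
        { "username", "WORKGROUP" },               /* older Outlook, 1st request */
        { "username@maildomain.tld", "" },         /* older Outlook, 2nd request */
    };
    char authid[256];

    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        if (ntlm_build_authid(req[i][0], req[i][1], authid, sizeof authid) == AUTHID_OK)
            printf("backend lookup: %s\n", authid);
    return 0;
}
```

The second sample yields `username@WORKGROUP`, which the backend does not know; that is the case the report describes as failing first for older Outlook versions before their fallback request succeeds.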

