We have workstations joined to the M$ domain... (SLED 11 SP1 desktops) but Evo requires password :( I mean that Evo does not use (support) /usr/bin/ntlm_auth...
After setting the password, NTLM authentication works, but it seems that only version 1. When we have enabled NTLM v2 only on the MS Domain server, Evo (GAL) is not able to authenticate via NTLM, it uses plaintext LDAP bind automatically.
Milan
---
Milan Juríček
Technology Consultant
mjuricek novell com
+421 917 498 084
Novell
Making IT Work As One
www.novell.sk
>>> David Woodhouse <dwmw2 infradead org> 2/23/2011 10:49 AM >>>
On Tue, 2011-02-22 at 07:31 +0000, Milan Juricek wrote:
> I'd like to ask you... Does Evolution support NTLM v2? Or when will
> this feature be implemented in the GAL authentication?
> Now we are using Evo + Exchange plug-in (Exchange 2k3) and only GAL+
> NTLM v1 works. But this concept is not accepted by security
> department.
You shouldn't have to ask this question. If your machine has joined the domain using Samba/winbind then all client apps should just be invoking /usr/bin/ntlm_auth to handle the NTLM challenge/response process. Apps shouldn't be asking for the password for themselves.
We're going to make this work with a simpler dæmon too, so you don't have to use the full Samba/winbind setup and actually join the domain.
I envisage a simple tool that runs in the user's session, having obtained the password from PAM like gnome-keyring does. And it'll do nothing except continuously refresh your Kerberos tickets, and answer queries via /usr/bin/ntlm_auth from apps like Evolution.
-- dwmw2