Re: [Evolution] Evolution and NTLM v2

From: David Woodhouse <dwmw2 infradead org>
To: Bharath Acharya <abharath novell com>
Cc: evolution-list gnome org
Subject: Re: [Evolution] Evolution and NTLM v2
Date: Thu, 17 Mar 2011 11:40:53 +0000

On Thu, 2011-03-17 at 17:06 +0530, Bharath Acharya wrote:

On Thu, 2011-03-17 at 11:13 +0000, David Woodhouse wrote:

On Thu, 2011-03-17 at 08:09 +0100, Milan Crha wrote:


        Hi,
GAL in evolution-exchange is using patched openldap. The patch adds ntlm
authentication. It doesn't use camel for addresbook at all. Maybe your
change can be modified for the openldap patch [1].


Oh for $DEITY's sake. Yet *another* separate implementation of NTLM?


The patch that David provided might be the right place for it. It just
supports NTLM v2 as well (not supported earlier)


Que?

The openldap maintainers did not absorb the openldap-ntlm patch (a few
issues for the rejection)


Do you have a reference to that discussion?

Also best would be to implement Kerberos authentication for GAL instead
of any NTLM authentications (Kerberos has replaced NTLM as the default
authentication protocol in an Active Directory based single sign-on
scheme) But if NTLM v2 works for now, sure why not :)


My experience is that we need both. Our corporate network has a bunch of
web servers that don't work with Kerberos; you *have* to use NTLM(v2).

And Kerberos is *slow*. It seems to do A and AAAA DNS lookups for
*every* one of the dozens of domain controllers listed for the domain,
before ever bothering to talk to one of them. I'll get to that... :)

-- 
dwmw2

References:
- Re: [Evolution] Evolution and NTLM v2
  - From: David Woodhouse
- Re: [Evolution] Evolution and NTLM v2
  - From: Milan Crha
- Re: [Evolution] Evolution and NTLM v2
  - From: David Woodhouse
- Re: [Evolution] Evolution and NTLM v2
  - From: Bharath Acharya

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]