Re: [Evolution] Evolution and NTLM v2



On Thu, 2011-03-17 at 17:06 +0530, Bharath Acharya wrote:
On Thu, 2011-03-17 at 11:13 +0000, David Woodhouse wrote:
On Thu, 2011-03-17 at 08:09 +0100, Milan Crha wrote:

        Hi,
GAL in evolution-exchange is using patched openldap. The patch adds ntlm
authentication. It doesn't use camel for addresbook at all. Maybe your
change can be modified for the openldap patch [1]. 

Oh for $DEITY's sake. Yet *another* separate implementation of NTLM?

The patch that David provided might be the right place for it. It just
supports NTLM v2 as well (not supported earlier)

Que?

The openldap maintainers did not absorb the openldap-ntlm patch (a few
issues for the rejection)

Do you have a reference to that discussion?

Also best would be to implement Kerberos authentication for GAL instead
of any NTLM authentications (Kerberos has replaced NTLM as the default
authentication protocol in an Active Directory based single sign-on
scheme) But if NTLM v2 works for now, sure why not :)

My experience is that we need both. Our corporate network has a bunch of
web servers that don't work with Kerberos; you *have* to use NTLM(v2).

And Kerberos is *slow*. It seems to do A and AAAA DNS lookups for
*every* one of the dozens of domain controllers listed for the domain,
before ever bothering to talk to one of them. I'll get to that... :)

-- 
dwmw2




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]