Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Mutt, IMAP and M$ Exchange's NTLM authentication

378 views
Skip to first unread message

Yosi

unread,
Apr 29, 2001, 5:06:49 AM4/29/01
to
Dear All,

Recently the company I work for has decided to switch to Micro$oft
Exchange. As you all know, Exchange uses an authentication scheme called
NTLM. Mutt's documentation says that "there is a patch by Grant Edwards to
add NTLM authentication for you poor exchange users out there, but it has
yet to be integrated into the main tree)". My questions are is this
patch included in the latest development release of mutt, v1.3.17i ?
If it is part of that release, how do I turn it on? If it isn't part of
that release, where do I get it from, and how do I incorporate it into
mutt?

Please help me avoid the dreadful LookOut mailer :-)

Sincerely,
Yosi

Han

unread,
Apr 30, 2001, 1:04:59 PM4/30/01
to
Yosi schreef de met > gemarkeerde tekst:

Well a little search on google delivered me the referencing story:

http://mail.python.org/pipermail/python-list/2000-January/020770.html

Interesting reading stuff about how ms makes everything, including
people, work so that you do not have a choice. Unless you are geek :)

I could not find the place were to get the patches. Patching is not so
difficult. Mostly a little manual is included.


Groetjes, Han.
--
For all ya |\ _,,,---,,_ There was a young man from
untamed Daemons /,`.-'`' -. ;-;;,_ Bel-Aire Who was screwing his
OpenBSD 2.9 |,4- ) )-,_..;\ ( `'-' girl on the stair, But the
on a i386 '---''(_/--' `-'\_) banister broke So he doubled

Grant Edwards

unread,
May 2, 2001, 11:14:17 PM5/2/01
to
On Sun, 29 Apr 2001 12:06:49 +0300, Yosi <nadav_h...@hotmail.com> wrote:

>Recently the company I work for has decided to switch to Micro$oft
>Exchange. As you all know, Exchange uses an authentication scheme called
>NTLM. Mutt's documentation says that "there is a patch by Grant Edwards to
>add NTLM authentication for you poor exchange users out there, but it has
>yet to be integrated into the main tree)".

Hey, that's me!

There's an old version of the patch (against 1.1-something,
IIRC) at ftp://ftp.visi.com/users/grante/ntlm.

Last time I checked, there was a newer version of the patch
(against 1.2.5) at http://www.scintilla.utwente.nl/~vincenta/mutt/mutt-1.2.5-ntlmauth.patch

I don't know if the patch has been updated to 1.3 by anybody. I
don't have access to an Exchange IMAP server anymore, so I'm
sort of out of the loop.

>Please help me avoid the dreadful LookOut mailer :-)

If you just want to suck e-mail off Exchange server onto a Unix
box (rather than leaving it on the server), you can run
fetchmail (it includes NTLM support in the standard
distribution): http://www.tuxedo.org/~esr/fetchmail/index.html

--
Grant Edwards grante Yow! I guess it was all a
at DREAM... or an episode of
visi.com HAWAII FIVE-O...

Terrel Shumway

unread,
May 3, 2001, 5:00:35 PM5/3/01
to
Grant Edwards wrote:

To use fetchmail with NTLM IMAP I had to hack it to use my NT domain. Since there is no existing configuration setting for the NT domain, I hacked it into the code itself -- a short-term solution that worked for me at the time. Alternatively, you could add code to split ctl->remotename at the backslash.

You also have to explicitly enable NTLM via "./configure --enable-NTLM"

--- imap.c Tue Apr 10 06:02:22 2001
+++ imap.domainhack.c Thu May 3 13:46:35 2001
@@ -164,7 +164,7 @@
if (msgbuf[0] != '+')
return PS_AUTHFAIL;

- buildSmbNtlmAuthRequest(&request,ctl->remotename,NULL);
+ buildSmbNtlmAuthRequest(&request,ctl->remotename,"NT_DOMAIN_NAME_HERE");

if (outlevel >= O_DEBUG)
dumpSmbNtlmAuthRequest(stdout, &request);


Grant Edwards

unread,
May 3, 2001, 6:29:47 PM5/3/01
to
On Thu, 03 May 2001 14:00:35 -0700, Terrel Shumway <tshu...@ics.uci.edu> wrote:

>> If you just want to suck e-mail off Exchange server onto a Unix
>> box (rather than leaving it on the server), you can run
>> fetchmail (it includes NTLM support in the standard
>> distribution): http://www.tuxedo.org/~esr/fetchmail/index.html
>
>To use fetchmail with NTLM IMAP I had to hack it to use my NT domain. Since there is no existing configuration setting for the NT domain, I hacked it into the code itself -- a short-term solution that worked for me at the time. Alternatively, you could add code to split ctl->remotename at the backslash.
>
>You also have to explicitly enable NTLM via "./configure --enable-NTLM"
>
>--- imap.c Tue Apr 10 06:02:22 2001
>+++ imap.domainhack.c Thu May 3 13:46:35 2001
>@@ -164,7 +164,7 @@
> if (msgbuf[0] != '+')
> return PS_AUTHFAIL;
>
>- buildSmbNtlmAuthRequest(&request,ctl->remotename,NULL);
>+ buildSmbNtlmAuthRequest(&request,ctl->remotename,"NT_DOMAIN_NAME_HERE");
>
> if (outlevel >= O_DEBUG)
> dumpSmbNtlmAuthRequest(stdout, &request);

It might be a good idea to parse the username string and use
the domain part of that. I think the original code expected
username@domain. Later I was told that the MS way is
username/domain.

--
Grant Edwards grante Yow! FIRST, I'm covering
at you with OLIVE OIL and
visi.com PRUNE WHIP!!

0 new messages