On 2010-11-01 at 23:39 +0100, Kurt Jaeger wrote: > o exim sends a "334 NTLM supported" > o Outlook 2010 as a client sends some base64 > which is a NLMP NEGOTIATE blob, described in > > http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-NLMP%5D.pdf > page 15ff > o exim answers with a NLMP CHALLENGE blob, described in the same > document, page 19ff.
This is the point at which things have gone wrong; Exim worked to an older specification, MS updated to have NTLM support Initial Response, a common SASL name, which basically means "send the first part of the authentication at the same time as asking to authenticate". Exim head already contains a probable fix for this, but I don't have Outlook clients to test against and I don't recall if the reporter verified it. Hrm, no Bugzilla entry, but it's: PP/06 Adjust NTLM authentication to handle SASL Initial Response. in the ChangeLog for version 4.73 (forthcoming. The commit is: http://git.exim.org/exim.git/commit/55c75993b43ac91069a5fbe9cc7a8d48cda84ee0 and the diff should apply cleanly to any relatively recent SPA. You're probably right about Exim not cancelling properly, and thanks for reporting that. I can't look right now, as it's work hours and Exim dev work has to be done on my time, but tonight I should finally have working home Internet connectivity and be able to catch back up on some pending Exim issues, including this. Regards, -Phil -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
