On 11/7/07, Ryan Shelley <[EMAIL PROTECTED]> wrote: > With a separate email client like Outlook or Thunderbird? Well, much of > what I describe still holds. You need to provision each account with their > AD passwords (assuming the are SHA-1 encoded), and then the user needs to > log in and enable POP3 on their account. Once that's setup, they can use a > 3rd party client to receive their mail. The only catch is that if the user > changes their password on your AD domain, you might want to consider syncing > that change with Gmail so their mailbox password matches their domain login.
Unfortunately 'the NTLM, NTLMv2, and Kerberos all use the NT hash, also known as the Unicode hash' (Q299656). The best way to achieve what you suggest would likely be to register for password change notifications and capture the password in cleartext before it is encoded and stored to AD. This is how Microsoft themselves do it for their Identity Integration Server: Password Change Notification Service captures passwords on the domain controller so Identity Integration Server can synchronize. http://www.microsoft.com/downloads/details.aspx?familyid=c0964f2e-fa9f-4fc7-ac13-c43928efee9d&displaylang=en An interesting enhancement for apps would be for it to understand NTLM hashes, at least for migration purposes (they could be stored temporarily and upgraded when the user provides the cleartext password the first time they log on). I've already done something similar for OpenLDAP half a dozen years ago so I know it's feasible; I'll submit the suggestion to product management. http://www.openldap.org/lists/openldap-devel/200203/msg00025.html Presumably those of you using Apps in NT based environments would find the ability to migrate existing passwords useful? Sam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
