On Fri, 2003-10-24 at 11:19, Jeremy Allison wrote: > On Thu, Oct 23, 2003 at 08:51:09AM +1000, Andrew Bartlett wrote: > > On Thu, 2003-10-23 at 05:16, Jeremy Allison wrote: > > > On Wed, Oct 22, 2003 at 03:27:31PM +0200, Beschorner Daniel wrote: > > > > We have an Exchange 5.5 server in our Samba 3 domain und want to have POP3 > > > > access with clear text authentication from clients. > > > > But no kind of credentials is accepted. > > > > > > > > It did a level 10 log on the Samba server and found my clear text password > > > > in the log (in nt_chal_resp and lm_chal_resp fields) during authentication. > > > > > > > > Is it possible that Samba can't handle the clear-text pass-through from > > > > POP3-Client per Exchange server and takes it for NTLMv2 challenge???? > > > > > > Can you post the debug level 10 log please (obfuscate all passwords of course > > > :-). > > > > I picked this one up at the end of last week. I never got it into CVS, > > because I didn't have the setup to test it. (And I wanted to clean it > > up a bit, we should also handle the 'interactive' login in a similar > > way, and possibly 'ascii' passwords against the LM hash). > > > > Thanks to Fabien Chevalier for providing the information that made > > fixing this so easy. > > I've committed a varient of this. Andrew can you please check for > correctness ?
It looks reasonable to me. Was there anything particularly wrong with 'static char zeros[8]'? (As I've used that elsewhere, and you have now got me worried...) What I proposed was only an early patch, and I intend to clean this up a bit more, cope with ASCII only passwords, and add a direct deny on the password fail. But that can wait, and it's good to see this in and fixed. Thanks, Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
