Dovecot NTLM Auth without LDAP

From: Stephen Haywood 
------------------------------------------------------
Is it possible to configure Dovecot to use NTLM authentication without
using Active Directory/LDAP? Would prefer to use a DB or flat file to hold
the hashed passwords.

-- 
Stephen Haywood
Information Security Consultant
CISSP, GPEN, OSCP
T: @averagesecguy
W: averagesecurityguy.info

===============================================================
From: Dave Brockman
------------------------------------------------------
Do you want the user to authenticate to Dovecot via NTLM, or do you want
Dovecot to verify the user credentials via NTLM? I believe the answer is
yes on both accounts[1], but why would you want to?

Regards,

dtb

[1] - http://wiki.dovecot.org/Authentication/Mechanisms/NTLM

-- 
"Some things in life can never be fully appreciated nor understood unless
experienced firsthand. Some things in networking can never be fully
understood by someone who neither builds commercial networking equipment
nor runs an operational network." RFC 1925

===============================================================
From: Stephen Haywood
------------------------------------------------------
I want user to auth to Dovecot with NTLM. I need to test some code I'm
writing and don't want to build an entire infrastructure to test it.

Stephen Haywood
Information Security Consultant
W: www.averagesecurityguy.info
T: @averagesecguy

===============================================================
From: Dave Brockman
------------------------------------------------------
I'm 100% certain that is supported, but all you need to test NTLM
authentication is a single, non-AD joined Windows PC. Just saying :)

Regards,

dtb

===============================================================
From: Stephen Haywood
------------------------------------------------------
I need to test NTLM Auth in SMTP. I don't think a Windows PC will do that,
but if you know of a way let me know.

===============================================================
From: Dave Brockman
------------------------------------------------------
Windows Server w/ SMTP service installed configured for NTLM
authentication? Have your base64 encode/decode library handy....

http://msdn.microsoft.com/en-us/library/cc246870.aspx

Regards,

dtb
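
The base64 handling mentioned in the last reply, as an added example that is not part of the original thread: in SMTP AUTH NTLM each NTLM message travels as one base64 token, and this decoder turns such a token into its message type, flags and key fields so a test client's output can be checked. The function names, the sample tokens and their values (TESTSRV, LAB, alice, WS1) and the latin-1 fallback for non-Unicode strings are assumptions constructed for the example.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE: strings are UTF-16LE
LAYOUT = {1: (12, 16), 2: (20, 32), 3: (60, 64)}  # type: (flags offset, min length)

def _field(msg, pos):
    """Follow a (Len, MaxLen, Offset) descriptor at pos to its payload bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]

def parse_ntlm(b64_token):
    """Decode one base64 token taken from an SMTP AUTH NTLM exchange."""
    msg = base64.b64decode(b64_token, validate=True)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype not in LAYOUT or len(msg) < LAYOUT[mtype][1]:
        raise ValueError("unknown or truncated NTLM message")
    flags = struct.unpack_from("<I", msg, LAYOUT[mtype][0])[0]
    enc = "utf-16-le" if flags & UNICODE else "latin-1"  # assumption: OEM charset ~ latin-1
    out = {"type": mtype, "flags": flags}
    if mtype == 2:    # CHALLENGE: 8-byte server nonce at offset 24
        out["target"] = _field(msg, 12).decode(enc)
        out["server_challenge"] = msg[24:32].hex()
    elif mtype == 3:  # AUTHENTICATE: a 24-byte NT response is NTLMv1-sized
        out["domain"] = _field(msg, 28).decode(enc)
        out["user"] = _field(msg, 36).decode(enc)
        out["nt_response_len"] = len(_field(msg, 20))
    return out

def sample_challenge():
    """Constructed CHALLENGE token (not captured traffic)."""
    name = "TESTSRV".encode("utf-16-le")
    head = SIGNATURE + struct.pack("<IHHII", 2, len(name), len(name), 56, UNICODE | 0x200)
    head += bytes.fromhex("0123456789abcdef") + bytes(8)      # nonce, reserved
    head += struct.pack("<HHI", 0, 0, 56 + len(name)) + bytes(8)  # empty TargetInfo, version
    return base64.b64encode(head + name).decode()

def sample_authenticate():
    """Constructed AUTHENTICATE token (not captured traffic), NTLMv1-sized responses."""
    parts = [bytes(24), bytes(24)] + [s.encode("utf-16-le") for s in ("LAB", "alice", "WS1", "")]
    head, body = SIGNATURE + struct.pack("<I", 3), b""
    for p in parts:  # LM, NT, domain, user, workstation, session key
        head += struct.pack("<HHI", len(p), len(p), 64 + len(body))
        body += p
    return base64.b64encode(head + struct.pack("<I", UNICODE | 0x200) + body).decode()
```

Strip the "334 " prefix from server lines before passing the remainder to parse_ntlm; client lines are the bare token.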