NTLMSSP auth header
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Thu Apr 2 10:53:33 GMT 1998
> Looking at the NTLMSSP auth header for your DCE
> code, I think I know what the format of this should be,
> as I have implemented it for Whistle's IMAP server
> (MS outlook express uses this header, encoded in base64
> into an ascii stream, to do IMAP authentication).
>
> This is the protocol that Dave Thompson of MS promised
> to me over a year ago at the MS PDC in Long Beach would
> be documented, of course it never has been :-(.
>
> It is the key to talking authenticated to MS active
> directory (LDAP server etc.), as well as their 'secure'
> Web administration protocol over HTTP.
>
> The protocol looks like (this is a snapshot from a
> Windows 95 - to NT IMAP conversation - as such no
> UNICODE is used, the unknown flags fields may
> specify if UNICODE is to be used instead). :
>
> --------------------------------------------------------------------
>
> Message 1 - Client to server (hello)
>
> 00000000 4e 54 4c 4d 53 53 50 00 01 00 00 00 06 82 00 00
> Bytes 0 - 7 "NTLMSSP\0"
> Bytes 8 - 0xB Message number, little endian format (1)
> Bytes 0xC - 0xF - flags of some kind (unknown - specifies ascii ?).
negotiation flags? indicates things, according to the bit-fields in the
CryptoAPI, like "ENCRYPTION" and "VERIFICATION" and "SIGNING" etc.
maybe?
More information about the samba-technical
mailing list