NTLMSSP auth header

Luke Kenneth Casson Leighton lkcl at switchboard.net
Thu Apr 2 10:53:33 GMT 1998


> 	Looking at the NTLMSSP auth header for your DCE
> code, I think I know what the format of this should be,
> as I have implemented it for Whistle's IMAP server
> (MS outlook express uses this header, encoded in base64
> into an ascii stream, to do IMAP authentication).
> 
> This is the protocol that Dave Thompson of MS promised
> to me over a year ago at the MS PDC in Long Beach would
> be documented, of course it never has been :-(.
> 
> It is the key to talking authenticated to MS active
> directory (LDAP server etc.), as well as their 'secure'
> Web administration protocol over HTTP.
> 
> The protocol looks like (this is a snapshot from a
> Windows 95 - to NT IMAP conversation - as such no
> UNICODE is used, the unknown flags fields may
> specify if UNICODE is to be used instead). :
> 
> --------------------------------------------------------------------
> 
> Message 1 - Client to server (hello)
> 
> 00000000  4e 54 4c 4d 53 53 50 00  01 00 00 00 06 82 00 00 

> Bytes 0 - 7  "NTLMSSP\0"
> Bytes 8 - 0xB Message number, little endian format (1)
> Bytes 0xC - 0xF - flags of some kind (unknown - specifies ascii ?).

negotiation flags?  indicates things, according to the bit-fields in the
CryptoAPI, like "ENCRYPTION" and "VERIFICATION" and "SIGNING" etc.

maybe?




More information about the samba-technical mailing list