Is there a way to recognize ntlm_auth has available password?

Milan Crha mcrha at
Fri Nov 10 12:00:35 UTC 2017

I opened a thread quite some time ago [1], but I didn't receive any
response, at least the list archive doesn't show anything.

I'm still looking for a way to recognize whether /usr/bin/ntlm_auth has
available password or not. The behavior changed in time of [1]. I'd
like to know whether the password is available, because based on that I
can decide whether I can just ask ntlm_auth for a response or whether I
should ask the user for the password first. That's a very important
difference, because it can avoid useless password prompts.

As I do it at the moment I issue a "YR\n" request towards the binary
and I check whether it returns anything but "YR " and something not
ending with "\n", if it does, then the password might be available, I
thought. As noted above, it used to work approximately around and/or
before [1].

I didn't find any documentation about the "protocol", a description how
to talk to the /usr/bin/ntlm_auth and what to expect in what cases. Is
it available anywhere, please? Or is there any way to decipher the YR
response from the ntlm_auth and recognize from it whether it has the
password or not? Even, I'd like to avoid to decipher it, as it means to
know about NTLM internal data exchange, which is something I'd rather
keep completely up to the ntlm_auth itself (not talking that different
NTLM versions may or may not have changed the data format).
	Thanks and bye,


More information about the samba-technical mailing list