Some folks (read: many) have had trouble getting Cyrus SASL to properly authenticate Windows clients using the NTLM mechanism (whereas things like Evolution works fine). Andrew Bartlett from the Samba team published a patch to make it work by passing the NTLM authentication over to Samba. There is also support for the MS Kerberos method GSSSPNEGO - but this is untested. The attached ebuild includes this patch for Cyrus SASL 2.1.20, activating the code if the USE flag "samba" is set. (A dependency to net-fs/samba becomes active if this flag is asserted). Testing using Outlook 2000 on a Windows 2000 box inside a Samba PDC domain connecting to Cyrus IMAP yield successful single sign on NTLM authentication. Evolution also works when connecting to the same account on the same server. Reproducible: Always Steps to Reproduce: 1. Place the ebuild and patch into the portage overlay directory (dev-libs/cyrus-sasl and dev-libs/cyrus-sasl/files) 2. ebuild /usr/local/portage/dev-libs/cyrus-sasl/cyrus-sasl-2.1.20-r3.ebuild digest 3. emerge cyrus-sasl Actual Results: Emerge proceeds as expected. Expected Results: n/a
Created attachment 50807 [details] ebuild for samba enhance cyrus-sasl
Created attachment 50808 [details, diff] Andy Bartlett's patch to Cyrus SASL to support NTLM and SPNEGO
Added in CVS as cyrus-sasl-2.1.20-r2. To activate it use the ntlm_unsupported_patch use flag. Cheers, Ferdy