> > Result: our NTLM authenticators are not perfect, there are some
> > corner-cases where authentication fails, symptom NT challenge
> > is oversized. Tell the user to change her NT password to a shorter
> > one. Happened to me to one user in about 5k.
>
> Odd.. as far as I can tell there is no dependency on the password
> length in NTLM challenge/response. No matter the length of the
> password the response is always 24 bytes.
Chatting with Andrew Bartlett, it might be a case of NTLMv2
incorrectly creeping in. Our NTLMSSP capabilities negotiation
is not perfect, I think.
Also, there is a distinct chance that it might break on non-x86
architectures due to bare structure packing.
> You didn't by any chance capture the challenge/response packet of a
> failing session so we can take a closer look at it to see if the
> problem cause can be identified?
It seems I haven't, unfortunately. "Smart script" dumbness.
-- /kinkieReceived on Fri Sep 06 2002 - 02:13:49 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:16:27 MST