Date: Thu, 2 Apr 1998 11:53:33 +0100 (BST) From: Luke Kenneth Casson Leighton <lkcl@switchboard.net> To: Jeremy Allison <jallison@whistle.com> Subject: Re: NTLMSSP auth header In-Reply-To: <3522C264.2D857063@whistle.com>
> Looking at the NTLMSSP auth header for your DCE
> code, I think I know what the format of this should be,
> as I have implemented it for Whistle's IMAP server
> (MS outlook express uses this header, encoded in base64
> into an ascii stream, to do IMAP authentication).
>
> This is the protocol that Dave Thompson of MS promised
> to me over a year ago at the MS PDC in Long Beach would
> be documented, of course it never has been :-(.
>
> It is the key to talking authenticated to MS active
> directory (LDAP server etc.), as well as their 'secure'
> Web administration protocol over HTTP.
>
> The protocol looks like (this is a snapshot from a
> Windows 95 - to NT IMAP conversation - as such no
> UNICODE is used, the unknown flags fields may
> specify if UNICODE is to be used instead). :
>
> --------------------------------------------------------------------
>
> Message 1 - Client to server (hello)
>
> 00000000 4e 54 4c 4d 53 53 50 00 01 00 00 00 06 82 00 00
> Bytes 0 - 7 "NTLMSSP\0"
> Bytes 8 - 0xB Message number, little endian format (1)
> Bytes 0xC - 0xF - flags of some kind (unknown - specifies ascii ?).
negotiation flags? indicates things, according to the bit-fields in the
CryptoAPI, like "ENCRYPTION" and "VERIFICATION" and "SIGNING" etc.
maybe?