RE: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the next release of OS/X support NTLMV2?
RE: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the next release of OS/X support NTLMV2?
- Subject: RE: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the next release of OS/X support NTLMV2?
- From: "Miller, Timothy J." <email@hidden>
- Date: Wed, 25 Mar 2009 12:27:01 -0400
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the next release of OS/X support NTLMV2?
Not sure myself, but it's obvious when it happens. The Kerberos password
dialog is visually distinct. Plus Kerberized apps should never prompt once
you have your ticket, so if you see it happen you know Kerberos authN
failed.
This is more a problem with Finder than anything else right now. While
Finder is Kerberized, it only requests tickets for shares that show up in
Bonjour. AFAICT it's a bug related to the Back to My Mac feature.
Workaround is to use the mount command directly; it's Kerberized too.
-- Tim
>-----Original Message-----
>From: Paul Nelson [mailto:email@hidden]
>Sent: Wednesday, March 25, 2009 9:24 AM
>To: Miller, Timothy J.; 'Jacob, Raymond A Jr'; Apple Fed Talk
>Subject: Re: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the
>next release of OS/X support NTLMV2?
>
>One point you need to be aware of, and ask Apple about:
>
>Can you configure your Mac to ONLY use NTLMv2/Kerberos? Furthermore,
>can
>you prevent a user from changing that configuration?
>
>The same goes for the old LanMan hash or even clear text passwords.
>
>
>Paul Nelson
>Thursby Software Systems, Inc.
>
>
>> From: "Miller, Timothy J." <email@hidden>
>> Date: Wed, 25 Mar 2009 09:15:46 -0400
>> To: "'Jacob, Raymond A Jr'" <email@hidden>, Apple Fed Talk
>> <email@hidden>
>> Subject: RE: [Fed-Talk] Does Leopard support NTLMv2? or Rather will
>the next
>> release of OS/X support NTLMV2?
>>
>> Believe me, you don't want support for *any* NTLM protocols. The NT
>hash is
>> the equivalent of the password; in other words, if I have your NT hash
>I
>> don't need to know what the password is.
>>
>> http://oss.coresecurity.com/projects/pshtoolkit.htm
>>
>> -- Tim
>>
>>
>>> -----Original Message-----
>>> From: fed-talk-bounces+tmiller=email@hidden [mailto:fed-
>>> talk-bounces+tmiller=email@hidden] On Behalf Of Jacob,
>>> Raymond A Jr
>>> Sent: Tuesday, March 24, 2009 3:15 PM
>>> To: email@hidden
>>> Subject: [Fed-Talk] Does Leopard support NTLMv2? or Rather will the
>next
>>> release of OS/X support NTLMV2?
>>>
>>> I found a discussion about this topic on the list.
>>> However, the thread occurred a few years ago.
>>> Googling for this topic, I that there was a mention
>>> that Thursby might support NTLMv2.
>>> Question:
>>> Does Leopard support NTLMv2?
>>> Or, Rather will the next release of OS/X support NTLMV2?
>>>
>>> r/Raymond
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Fed-talk mailing list (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>> This email sent to email@hidden
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden