David Koski
2022-Jan-23 01:29 UTC
NTLM fails: dovecot: auth: Fatal: Unknown authentication mechanism 'NTLM'
Is NTLM now dead?? The Readme says: 2020-10-23 16:24:09 -0400 Josef 'Jeff' Sipek <jeff.sipek at open-xchange.com> (48d6f7282) ??? auth: Remove ntlm mechanism & the LANMAN and NTLM password schemes M?????? COPYING M?????? configure.ac M?????? src/Makefile.am M?????? src/auth/Makefile.am D?????? src/auth/mech-ntlm.c M?????? src/auth/mech.c M?????? src/auth/password-scheme.c M?????? src/auth/test-libpassword.c M?????? src/auth/test-mech.c M?????? src/doveadm/Makefile.am D?????? src/lib-ntlm/Makefile.am D?????? src/lib-ntlm/ntlm-des.c D?????? src/lib-ntlm/ntlm-des.h D?????? src/lib-ntlm/ntlm-encrypt.c D?????? src/lib-ntlm/ntlm-encrypt.h D?????? src/lib-ntlm/ntlm-flags.h D?????? src/lib-ntlm/ntlm-message.c D?????? src/lib-ntlm/ntlm-message.h D?????? src/lib-ntlm/ntlm-types.h D?????? src/lib-ntlm/ntlm.h David On 1/22/22 4:22 PM, David Koski wrote:> After upgrading Debian to 11 I found Dovecot at version 2.3.13 > (89f716dc2).? Now auth method NTLM fails and is not even listed: > > # doveadm pw -l > SHA1 SSHA512 SCRAM-SHA-256 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA > DES-CRYPT CRYPT SSHA MD5-CRYPT PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 > SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 MD5 PBKDF2 > SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 > > /var/log/dovecot.log > Jan 22 16:20:32 auth: Fatal: Unknown authentication mechanism 'NTLM' > Jan 22 16:20:32 master: Error: service(auth): command startup failed, > throttling for 2.000 secs > Jan 22 16:20:34 auth: Fatal: Unknown authentication mechanism 'NTLM' > Jan 22 16:20:34 master: Error: service(auth): command startup failed, > throttling for 4.000 secs > Jan 22 16:20:38 auth: Fatal: Unknown authentication mechanism 'NTLM' > Jan 22 16:20:38 master: Error: service(auth): command startup failed, > throttling for 8.000 secs > Jan 22 16:20:46 auth: Fatal: Unknown authentication mechanism 'NTLM' > Jan 22 16:20:46 master: Error: service(auth): command startup failed, > throttling for 16.000 secs > > # doveconf -n > # 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.5.13 (cdd19fe3) > # OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.2 > # Hostname: imail.khmfdbyekekelj1rmytwnfh1bc.dx.internal.cloudapp.net > auth_mechanisms = plain login ntlm > debug_log_path = /var/log/dovecot-debug.log > info_log_path = /var/log/dovecot-info.log > log_path = /var/log/dovecot.log > maildir_stat_dirs = yes > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date index ihave duplicate mime foreverypart > extracttext > namespace compat { > ? alias_for > ? hidden = yes > ? inbox = no > ? list = no > ? location > ? prefix = INBOX. > ? separator = . > } > namespace inbox { > ? inbox = yes > ? location > ? mailbox Drafts { > ??? special_use = \Drafts > ? } > ? mailbox Junk { > ??? special_use = \Junk > ? } > ? mailbox Sent { > ??? special_use = \Sent > ? } > ? mailbox "Sent Messages" { > ??? special_use = \Sent > ? } > ? mailbox Trash { > ??? special_use = \Trash > ? } > ? prefix > ? separator = . > } > passdb { > ? args = /etc/dovecot/dovecot-sql.conf.ext > ? driver = sql > } > plugin { > ? mail_plugins = " quota trash sieve" > ? sieve = file:~/sieve;active=~/.dovecot.sieve > } > protocols = " imap sieve" > service auth { > ? unix_listener /var/spool/postfix/private/auth { > ??? group = postfix > ??? mode = 0666 > ??? user = postfix > ? } > ? unix_listener auth-client { > ??? mode = 0660 > ? } > } > service stats { > ? unix_listener stats-reader { > ??? group = vmail > ??? mode = 0660 > ??? user = vmail > ? } > ? unix_listener stats-writer { > ??? group = vmail > ??? mode = 0660 > ??? user = vmail > ? } > } > ssl_cert = </etc/letsencrypt/live/imail1.sutinen.com/fullchain.pem > ssl_client_ca_dir = /etc/ssl/certs > ssl_dh = # hidden, use -P to show it > ssl_key = # hidden, use -P to show it > userdb { > ? args = /etc/dovecot/dovecot-sql.conf.ext > ? driver = sql > } > protocol lmtp { > ? mail_plugins = " quota trash sieve" > ? postmaster_address = admin-kosmosisland.com at kosmosisland.com > } > protocol lda { > ? mail_plugins = " quota trash sieve" > } > > Regards, > David Koski >
Aki Tuomi
2022-Jan-23 07:09 UTC
Re: NTLM fails: dovecot: auth: Fatal: Unknown authentication mechanism 'NTLM'
On 23 January 2022 1.29.43 UTC, David Koski <david at kosmosisland.com> wrote:>Is NTLM now dead?? The Readme says: > >2020-10-23 16:24:09 -0400 Josef 'Jeff' Sipek ><jeff.sipek at open-xchange.com> (48d6f7282) > > ??? auth: Remove ntlm mechanism & the LANMAN and NTLM password schemes > >> >> Regards, >> David Koski >> >You should use GSSAPI instead. Aki