Question

Yesterday, the IT department made changes to the Exchange server. I was previously able to use imaplib to fetch messages from the server. But now it seems they have turned off the authentication mechanism I was using. From the output below, it looks as if the server now supports NTLM authentication only.

>>> from imaplib import IMAP4_SSL
>>> s = IMAP4_SSL("my.imap.server")
>>> s.capabilities
( IMAP4 ,  IMAP4REV1 ,  IDLE ,  LOGIN-REFERRALS ,  MAILBOX-REFERRALS , 
 NAMESPACE ,  LITERAL+ ,  UIDPLUS ,  CHILDREN ,  AUTH=NTLM )
>>> s.login("username", "password")
...
imaplib.error: Clear text passwords have been disabled for this protocol.

Questions:

How do I authenticate to the imap server using NTLM with imaplib? I assume I have need to use IMAP4_SSL.authenticate("NTLM", authobject) to do this? How do I set up the authobject callback.
Since SSL/TLS is the only way to connect to the server, re-enabling clear text password authentication should not be a security risk. Correct?

The process that connects to the imap server is running on Linux, BTW. So I am not able to use pywin32.

Edit:

I was able to figure out 1. myself. But how about 2.: Clear text passwords in IMAP over SSL is not a security problem, is it?

Answer 1

I was able to use the python-ntlm project.

python-ntlm implements NTLM authentication for HTTP. It was easy to add NTLM authentication for IMAP by extending this project.

I submitted a patch for the project with my additions.

友情链接