Next: The SECURID mechanism, Previous: The SCRAM mechanisms, Up: Mechanisms [Contents][Index]
The NTLM is a non-standard mechanism. Do not use it in new applications, and do not expect it to be secure. Currently only the client side is supported.
In the client, this mechanism is always enabled, and it requires the
GSASL_AUTHID and GSASL_PASSWORD properties. It will set
the ‘domain’ field in the NTLM request to the value of
GSASL_REALM. Some servers reportedly need non-empty but
arbitrary values in that field.