Re: NTLM authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 01 Aug 2000 19:00:55 +0200

Chemolli Francesco (USI) wrote:

> Yes, you are.
> It first presents its workstation name and domain, and even
> that not always.
> Before you ask: yes, I have network traces showing such a behaviour.

Are you sure the user is logged in to the domain when this happens?

> > which makes sense to me as I thought you need to know the
> > user domain to
> > be able to get the challenge from the correct domain controller...
>
> Correct. I am puzzled as to what happens when the client offers no
> such information, maybe the proxy is supposed to ask a challenge to his
> own DC, or his local authentication service.

But.. his own DC or authentication service won't know the password hash,
so how is the password validated then?

/Henrik
Received on Tue Aug 01 2000 - 11:06:54 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:33 MST