RE: Challenge in NTLM authenticator

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Monday, April 22, 2002 9:09 PM
> To: Robert Collins; Chemolli Francesco (USI); Guido Serassio
> Cc: squid-dev@squid-cache.org
> Subject: Re: Challenge in NTLM authenticator
>
>
> On Monday 22 April 2002 10:28, Robert Collins wrote:
>
> > But squid may not be running on an NT Server. It will be
> running on an
> > NT platform sure, but that doesn't imply Server.
>
> Same thing.
>
> > It's targeted at folk writing *both* ends of the
> application. We need
> > to interoperate with MS I.E. and have no control over the
> client. So
> > I'm not at all convinced that the SSPI is appropriate for anytihng
> > other than challenge validation.
>
> So your are saying Microsoft NTLM SSP interface is not suitable for
> generating and verifying Microsoft NTLMSSP credential exchanges?
>
> Note: The packet format of SSPI when using the NTLM SSP is NTLMSSP.

I'm saying that the NTLM SSP -happens- to be the on the wire format. MS
have no reason to keep it that way, and that we are better off keeping
the two level abstraction we have, whilst still leveraging the SSPI to
allow user authentication.

Rob
Received on Mon Apr 22 2002 - 05:30:08 MDT