Re: Challenge in NTLM authenticator

From: Henrik Nordstrom <>
Date: Mon, 22 Apr 2002 22:47:48 +0200

Guido Serassio wrote:

> My question about Challenge on NTLM authenticator comes from the comparison
> of fake_auth and ntlm_auth:
> The first generate its challenge with rand(), the second from the SMB
> connection Encrypt Key.

ntlm_auth needs to get it from SMB, as it only relays the LANMAN login

> So my doubt was: "A rand() generated challenge it's adeguate for a native
> NT NTLM authenticator ?"

Yes, provided you have access to a mechanism where you can verify
"challenge+ntresponse" tuples.

> Looking in article Q264921 from Microsoft KB, i can see something of future
> works on Squid Browser Authentication: Digest and Kerberos, but now NTLM is
> a good starting point.

Sure, SSPI might be used to integrate Squid with NT for Digest and Kerberos
authentication as well, but this will then be over another IPC interface than
the NTLM helpers as each of these is a separate HTTP authentication scheme
with their own HTTP syntaxes.

Received on Mon Apr 22 2002 - 14:47:56 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:15:18 MST