> I believe if you use an OS with PAM capabilities (Linux or Solaris), you
> can use a PAM module which will authenticate off an NT server. I've seen
Won't do I'm afraid. Web-based NTLM authentication means "transparent"
authentication (under IE 3.0+). When IE sees that it's been asked to do NTLM
authentication, it sends its cached usercode/password pair (suitably encrypted
- this is no BASIC scheme!) without even mentioning it to the user. It can do
this as the user authenticated themselves on the NT domain when they logged
into their workstation - this cached information is available from then on.
I've gone as far as getting the squid proxy-auth patch to call the likes of
smbclient (works well - as it caches too), but it still only supports BASIC
authentication - i.e. passwords in the clear/etc.
I'd love to see a "true" NTLM patch for Apache/Squid - but the encryption
coding required probably puts most people off...
-- Cheers Jason Haar Unix/Network Specialist, Trimble NZ Phone: +64 3 3391 377 Fax: +64 3 3391 417Received on Sun Apr 19 1998 - 19:34:13 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:45 MST