Just a thought, but perhaps you could hack together a proxy.pac (proxy.pac
is a java script you know) that could take care of the NTLM stuff on the
workstation side. It'd be a pretty lengthy proxy.pac, but you might be
able to get the functionality you need that way.
Not that I've ever tried this, mind you :-) I'm just a big fan of the
proxy.pac system after I discovered many years ago that it relieved me of
a LOT of trouble in terms of browser configs.
-Bill
On Mon, 20 Apr 1998, Jason Haar wrote:
>
> > I believe if you use an OS with PAM capabilities (Linux or Solaris), you
> > can use a PAM module which will authenticate off an NT server. I've seen
>
> Won't do I'm afraid. Web-based NTLM authentication means "transparent"
> authentication (under IE 3.0+). When IE sees that it's been asked to do NTLM
> authentication, it sends its cached usercode/password pair (suitably encrypted
> - this is no BASIC scheme!) without even mentioning it to the user. It can do
> this as the user authenticated themselves on the NT domain when they logged
> into their workstation - this cached information is available from then on.
>
> I've gone as far as getting the squid proxy-auth patch to call the likes of
> smbclient (works well - as it caches too), but it still only supports BASIC
> authentication - i.e. passwords in the clear/etc.
>
> I'd love to see a "true" NTLM patch for Apache/Squid - but the encryption
> coding required probably puts most people off...
>
>
>
> --
> Cheers
>
> Jason Haar
>
> Unix/Network Specialist, Trimble NZ
> Phone: +64 3 3391 377 Fax: +64 3 3391 417
>
>
Received on Sun Apr 19 1998 - 21:08:07 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:45 MST