> Yes. It's on Kinkie and my to-do list once ntlm is bedded
> down and complete. The auth_rewrite branch was a (successful I think)
> attempt to split out the authentication code into modules so
> that digest can be added very easily.
>
> Unfortunately we (my office) have been unsuccessful to date
> in getting Digest Authentication to work from IIS unless the
> IIS server
> is an AD server. (MS's doco is a bit confused - some places
> it quotes "running on an AD DC" and others "AD must be available"....)
Might be because NT stores in the SAM not the clear-text passwords,
but the mangled "password equivalent" hashes (for "security reasons", never
mind that they're not called "password equivalents" for fun).
Digest uses a different crypto algorithm, so it requires either
cleartext passwords or a different mangling on the password.
> Anyway if you'd like to get started on Digest I'm sure we can
> make a branch off of auth-rewrite for you to get started in.
Wouldn't it be better to first swap the auth-rewrite and NTLM branches?
-- /kinkie -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Fri Dec 01 2000 - 02:56:47 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:48 MST