On Mon, 13 Oct 2003, Ilya wrote:
> 1) In what format client passes username|password to squid when ntlm
> authentication is used? In http-header, in base64 coding?
username is passed in plain text or UTF8 encoding inside a base64 blob of
the NTLMSSP message exchange.
password IS NOT passed.
> 2) Does every http-response contain user`s username & password
> when ntlm authentication is used?
No. NTLM-over-http is not a HTTP authentication scheme, it only tries to
masquerade itself as looking like one at a first glance..
Regards
Henrik
Received on Mon Oct 13 2003 - 07:30:40 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:28 MST