On Wed, 22 Jul 2009, Henrik Nordstrom wrote:
> fre 2009-07-17 klockan 14:23 -0400 skrev Mike Diggins:
>
>> I've been asked to investigate eliminating the Basic authentication option
>> due to the obvious security risks (I need to maintain NTLM though). After
>> some brief reading, it appears that Digest Authentication might work. Can
>> I use Digest Authentication against Winbind like I do now?
>
> Unfortunately not. winbind do not expose the Digest authentication
> scheme, even if you should configure your AD domain to support it (by
> default disabled in AD, and enabling it requires everyone to reset their
> password once enabled).
>
> And it won't be a single-sign-on solution even if the account & password
> is the same. In theory it could be, but Microsoft has not implemented
> single sign on when using Digest.
>
>> Also, is the
>> Digest Authentication supported by most modern browsers (Windows and MAC
>> versions)?
>
> Yes.
>
> But there is still related applications & plugins which only supports
> Basic or perhaps NTLM.
Thanks. If my requirements are to keep NTLM working, and have the MD
authentication ultimately authenticate against that same domain (somehow),
could I separate the two, and perhaps use a different authenticator for
the MD Auth part - or does the MD auth just not work that way?
-Mike
Received on Thu Jul 23 2009 - 14:42:08 MDT
This archive was generated by hypermail 2.2.0 : Fri Jul 24 2009 - 12:00:05 MDT