RE: [SQU] NTLM Authentication and Frontpage/IIS/Exchange

From: Chemolli Francesco (USI) <[email protected]>
Date: Fri, 1 Dec 2000 10:51:37 +0100

> Yes. It's on Kinkie and my to-do list once ntlm is bedded
> down and complete. The auth_rewrite branch was a (successful I think)
> attempt to split out the authentication code into modules so
> that digest can be added very easily.
>
> Unfortunately we (my office) have been unsuccessful to date
> in getting Digest Authentication to work from IIS unless the
> IIS server
> is an AD server. (MS's doco is a bit confused - some places
> it quotes "running on an AD DC" and others "AD must be available"....)

Might be because NT stores in the SAM not the clear-text passwords,
but the mangled "password equivalent" hashes (for "security reasons", never
mind that they're not called "password equivalents" for fun).

Digest uses a different crypto algorithm, so it requires either
cleartext passwords or a different mangling on the password.

> Anyway if you'd like to get started on Digest I'm sure we can
> make a branch off of auth-rewrite for you to get started in.

Wouldn't it be better to first swap the auth-rewrite and NTLM branches?

-- 
	/kinkie
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Fri Dec 01 2000 - 02:56:47 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:48 MST