Re: [squid-users] ntlm authentication

From: Henrik Nordstrom <[email protected]>
Date: Mon, 13 Oct 2003 15:30:25 +0200 (CEST)

On Mon, 13 Oct 2003, Ilya wrote:

> 1) In what format client passes username|password to squid when ntlm
> authentication is used? In http-header, in base64 coding?

username is passed in plain text or UTF8 encoding inside a base64 blob of
the NTLMSSP message exchange.

password IS NOT passed.

> 2) Does every http-response contain user`s username & password
> when ntlm authentication is used?

No. NTLM-over-http is not a HTTP authentication scheme, it only tries to
masquerade itself as looking like one at a first glance..

Regards
Henrik
Received on Mon Oct 13 2003 - 07:30:40 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:28 MST