[squid-users] Re: Difference between basic authentication

From: Adam Aube <[email protected]>
Date: Sat, 29 Oct 2005 00:28:17 -0400

Guillaume wrote:

> Do you know what is the difference between basic authentication and
> NTLM authentication?

Basic authentication is an Internet standard that is fully compatible with
the stateless nature of HTTP, is easily integrated with most authentication
backends, and works in virtually all browsers. Users will be prompted for a
username and password when starting a browsing session. Passwords are not
encrypted between the browser and Squid

NTLM authentication is Microsoft's attempt to force a session-oriented
authentication protocol onto the inherently stateless HTTP (which qualifies
as a hack that breaks the protocol). Because it uses Microsoft's NTLM hash,
the password is never sent across the network. It integrates easily with a
Windows-style domain, and has the added advantage of users not being
prompted for a username and password. However, it requires many more
running auth helpers, increasing the load on your Squid server.

A third authentication option, digest, solves the security issues of basic
while remaining fully compatible with the HTTP protocol. However, it is
more difficult to integrate with an authentication backend than basic.

Adam
Received on Fri Oct 28 2005 - 22:32:07 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:05 MST