===
----- Original Message -----
From: "Guido Serassio" <serassio@libero.it>
> Hi Robert,
>
> I'm analyzing the NTLMSSP helper for write a native Cygwin NTLM
helper, and
> I have some questions:
>
> - It seems that is not possible to use NTLM and basic authentication
> together, for example, Netscape browsers runs in basic mode, while
Internet
> Explorer runs in NTLM mode, it is true ?
You can run both NTLM and basic together, but any individual browser
will only use one of them.
RFC 2617 specifies that a browser should choose the most secure scheme
offered it, but MSIE is broken and needs NTLM first - I reported this to
MS who laughed.
> - I'm in difficulty when identifying what WIN32 API to use instead of
SMB_*
> samba functions. Do You have same docs on NTLM challenge/response
protocol
> and related functions ? On my MSDN I can find only some little hints.
The GSSAPI functions are what you will need. I'm not sure which ones.
> - I think that can be very useful add a membership NT Group check to
this
> new authenticator, what is Your opinion about ?
See the external_acl project on devel.squid-cache.org - it's designed to
support such checks. (You pass an external helper the username and
allowed group(s), and it then tests for membership - the result of which
gets cached in squid along with the user credentials.
Rob
Received on Tue Dec 11 2001 - 21:20:37 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:40 MST