Re: [squid-users] mozilla 1.4 & NTLM auth.

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 25 Jul 2003 20:29:10 +0200

fre 2003-07-25 klockan 20.09 skrev Jerry Murdock:

> I did some quick searching and saw a few messages about concern over
> passing credentials without letting the user know. I'm assuming they
> decided not to, but haven't looked deep enough to say for sure.

Probably wisest thing to do anyway. If you can make the client talk NTLM
to you then you can access any server in the domain as if you was the
client..

Most challenge/response authentication schemes are plauged by this
problem. The only thing guaranteed by NTLM is that the information can
not be reused to authenticate a second time without substantial
computation effort.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Fri Jul 25 2003 - 12:29:26 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:17 MST