Mailing-List: contact new-httpd-help@apache.org; run by ezmlm
Precedence: bulk
Reply-To: new-httpd@apache.org
From: "William A. Rowe, Jr." <wrowe@lnd.com>
To: <new-httpd@apache.org>, <kov@adv.magwien.gv.at>
Subject: RE: Announce: NTLM authentication module (source included)
Date: Thu, 27 Apr 2000 09:39:54 -0500
Message-ID: <000601bfb056$79759bd0$345985d0@corecomm.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
In-reply-to: 
 <7864CE46A3ACD311848B005004EB51A5013AC5CE@msxadv1.host.magwien.gv.at>
Importance: Normal

> From: Weber Sylvia [mailto:kov@adv.magwien.gv.at]
> Sent: Thursday, April 27, 2000 5:04 AM

> Here's the source of my ntlm_module.
> It would be great if you can test and discuss my solution. I would be
> open to implement changes and enhancements.  At the moment the
> documentation should be qualified beta quality, sorry.
> Attached are 3 files:
> mod_auth_ntlm.diff - diff file for apache 1.3.12
> readme.txt - my doc :-]
> PwCheck_1.1.tar.gz - gnuzipped tar of the required PwCheck daemon
> Sylvia

ACKed - I will tear it down over the weekend and collect my thoughts on it.
I'm assuming this is a 1.3 series submission?  I know it will be rejected
out of hand on it's own - so if you are willing to implement 1.3.12 changes
as needed, I'm willing to port it all to 2.0.  Do you have objections to
porting the samba code to C?

I'm considering, if it is possible, to make Challenge/Response a seperate
layer or module from NT user authentication.  In this way we could possibly
offer Challenge/Response on top of an htpasswd file, a database (vauge, I
know), or the NT domain.  Perhaps a 2.0 feature alone.  Your thoughts?

One last comment... please avoid richtext/html messages to mailing lists
and newsgroups entirely, too many interested readers still use console
based news/mail readers.  And thank you much for the submission

Bill

> From: Weber Sylvia [mailto:kov@adv.magwien.gv.at]
> Sent: Wednesday, April 26, 2000 1:56 AM
>
> I have written a module which is capable of doing ntlm
> (Windows NT Domain
> Controller) style authentication. Here you can use challenge/response
> protocol like the combination of IIS and Internet Explorer in
> Intranets.
>
> You can choose two modes:
>       1. You use challenge/response mode (truely like IIS).
> Now, with a NT
> Domain controller, your not asked for username and password,
> your Domain
> logon is used.
>       2. You use normal .htaccess control (basic
> authentication), but no
> htpasswd is used. Username and password are verified against
> the Windows
> NT Domain controller.
>
> This is a normal apache module, with small parts of the samba code.
>
> Though it's my first time of code or patch contribution I
> would be glad to
> get some help and testing from people out there.
>
> I will send the code on request.
>
> Sylvia
>
> ---
> Sylvia Weber <kov@adv.magwien.gv.at>
> Municipality of Vienna, Austria
>


-----Urspr�ngliche Nachricht-----
Von: William A. Rowe, Jr. [mailto:wrowe@lnd.com]
Gesendet: Mittwoch, 26. April 2000 16:29
An: new-httpd@apache.org
Cc: kov@adv.magwien.gv.at
Betreff: RE: Announce: NTLM authentication module


A couple of NT folk were looking at this, including myself.
We would be very happy to review your submission.  One concern that
I have is to offer a unix solution to challenge/response authentication,
based on a non-NT password store, as well as offer Win32 solutions as
you have described.
An ongoing debate has been to offer some Win32 password database support.
Since the NT password store is the obvious solution, this reduces the
urgancy of that debate.
The module sounds like an execelent contribution in this direction.
Thank you for the offer.  Any contributions you have to offer can be
sent directly to new-httpd list for review and consideration.
Bill