httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@lnd.com>
Subject RE: Announce: NTLM authentication module
Date Tue, 02 May 2000 14:48:47 GMT
More links of interest...

http://msdn.microsoft.com/library/specs/cifs1099_smbrequests.htm

http://msdn.microsoft.com/library/partbook/asp20/internetserversecurity.htm

I don't know that it is isn't beyond the scope of the Apache project to
offer NT challenge/response in the core distribution, now that I look at the
deeply embedded issues.

That isn't to say I don't support integrated NT user authentication (I do),
for the Win32 build, and perhaps later implement kerbos passthrough
authentication, but I'm really looking at this from the 'features' side.

NT internal authentication mirrors what can be accomplished on Unix with
native Unix features.  Challenge/Response is a client protocol, proprietary
and MS specific, that if implemented, must be supported on all platforms.

I'm looking at this as an valueable alternative to the NT server.
Perhaps some Unix developers can shed their thoughts on the challenge
response argument.

Bill

> -----Original Message-----
> From: Weber Sylvia [mailto:kov@adv.magwien.gv.at]
> Sent: Tuesday, May 02, 2000 6:54 AM
>
> > -----Urspr√ľngliche Nachricht-----
> > Von: Bill Stoddard [mailto:stoddard@raleigh.ibm.com]
> > Gesendet: Freitag, 28. April 2000 16:21
> >
> > This detail effectively kills the possibility of including
> > this module in the standard
> > Apache distribution since Samba is GPLed.
>
> If possible, I'll eliminate the Samba-code.
> I think the essential question is, if the idea of how to
> communicate with
> the domain-controler is licenced or only the implemented code.
>
> At the moment I'm searching for documentation of the NTLM
> protocols. If this
> is public available, it's easy to reimplement the GPLed code
> with Apache
> style license. Any help and pointers will be appreciated.
>
> Till this point is not cleared, please refer to the code sent
> as GPLed.
>
> For the part of the http challenge/response protocol there's
> an article from
> Scott Stabbert (Microsoft) named "Authentication and Security
> for Internet
> Developers"
http://msdn.microsoft.com/workshop/server/feature/security.asp

Sylvia


Mime
View raw message