Return-Path: 
 <new-httpd-return-3211-apmail-new-httpd-archive=apache.org@apache.org>
Delivered-To: apmail-new-httpd-archive@apache.org
Received: (qmail 94028 invoked by uid 500); 2 May 2000 14:49:37 -0000
Mailing-List: contact new-httpd-help@apache.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
Reply-To: new-httpd@apache.org
list-help: <mailto:new-httpd-help@apache.org>
list-unsubscribe: <mailto:new-httpd-unsubscribe@apache.org>
list-post: <mailto:new-httpd@apache.org>
Delivered-To: mailing list new-httpd@apache.org
Received: (qmail 94015 invoked from network); 2 May 2000 14:49:36 -0000
From: "William A. Rowe, Jr." <wrowe@lnd.com>
To: <new-httpd@apache.org>
Subject: RE: Announce: NTLM authentication module
Date: Tue, 2 May 2000 09:48:47 -0500
Message-ID: <000201bfb445$a00af900$345985d0@corecomm.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
In-Reply-To: 
 <7864CE46A3ACD311848B005004EB51A5013AC5D2@msxadv1.host.magwien.gv.at>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N

More links of interest...

http://msdn.microsoft.com/library/specs/cifs1099_smbrequests.htm

http://msdn.microsoft.com/library/partbook/asp20/internetserversecurity.htm

I don't know that it is isn't beyond the scope of the Apache project to
offer NT challenge/response in the core distribution, now that I look at the
deeply embedded issues.

That isn't to say I don't support integrated NT user authentication (I do),
for the Win32 build, and perhaps later implement kerbos passthrough
authentication, but I'm really looking at this from the 'features' side.

NT internal authentication mirrors what can be accomplished on Unix with
native Unix features.  Challenge/Response is a client protocol, proprietary
and MS specific, that if implemented, must be supported on all platforms.

I'm looking at this as an valueable alternative to the NT server.
Perhaps some Unix developers can shed their thoughts on the challenge
response argument.

Bill

> -----Original Message-----
> From: Weber Sylvia [mailto:kov@adv.magwien.gv.at]
> Sent: Tuesday, May 02, 2000 6:54 AM
>
> > -----Urspr�ngliche Nachricht-----
> > Von: Bill Stoddard [mailto:stoddard@raleigh.ibm.com]
> > Gesendet: Freitag, 28. April 2000 16:21
> >
> > This detail effectively kills the possibility of including
> > this module in the standard
> > Apache distribution since Samba is GPLed.
>
> If possible, I'll eliminate the Samba-code.
> I think the essential question is, if the idea of how to
> communicate with
> the domain-controler is licenced or only the implemented code.
>
> At the moment I'm searching for documentation of the NTLM
> protocols. If this
> is public available, it's easy to reimplement the GPLed code
> with Apache
> style license. Any help and pointers will be appreciated.
>
> Till this point is not cleared, please refer to the code sent
> as GPLed.
>
> For the part of the http challenge/response protocol there's
> an article from
> Scott Stabbert (Microsoft) named "Authentication and Security
> for Internet
> Developers"
http://msdn.microsoft.com/workshop/server/feature/security.asp

Sylvia