Re: Windows NTLM authenticator

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 8 Sep 2003 09:13:50 +0200 (CEST)

On Sun, 7 Sep 2003, Serassio Guido wrote:

> I have tried too this solution, but the things seems to more instable.

In what way?

> I have some doubt about challenge's reuse: with this type authenticator,
> challenge can be reused ?

The challenge packet should never be reused, but if you have clients which
are guaranteed to be compatible then it may work for NTLM if you are
lucky.

In NTLMv2 the challenge packet can not be reused at all.

> Another question: it works fine with Mozilla's NTLM and with IE when the
> machine is in the right domain, when the machine is in another domain, IE
> pop-up randomly asking username/password/domain again.

No idea.

> So, if possible, do you can give a look to the sources to see if there
> anything missing ?

I can try, but I am very buzy with other tasks at the moment.

Robert or Kinkie: Do you have any possibility to look into this?

To make such verification easier, please collect the following pieces of
information:

1. access.log with log_mime_hdrs
2. traffic to/from the helper, identified by helper instance
3. calls & responses from the Windows SSP module, identified by helper
instance.

Regards
Henrik
Received on Mon Sep 08 2003 - 01:13:57 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:40 MST