Hi Cathy,
If the 3.1 code base doesn't have the support to handle connection-based authentication states, how does NTLMv1 work? Is the NTLMv1 implementation in 3.1 datagram-oriented as opposed to connection-based?
No, it's connection-based. We just don't track the state. If a connection is returned to the pool after NTLM authentication, it will be handed out to any thread connecting to the same target, even if that thread does not have access to the credentials it would need to authenticate a new connection. This approach really works only if the connection pool is owned by a single client application. If it's a shared pool, NTLM authenticated connections need to be closed or there is a gaping security hole.

cheers,
Roland
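
An added illustration, not part of the original message and not HttpClient code: a toy Java pool that records which user an NTLM handshake bound to each connection, reuses the connection only for that user, and closes authenticated connections on release when the pool is shared. All class, field and target names are hypothetical, and the caller-supplied user name is assumed to be trustworthy.

```java
import java.util.*;
// Toy model (hypothetical names, not HttpClient's API) of a pool that tracks
// connection-based authentication state instead of ignoring it.
public class StatefulPoolDemo {
    static final class Conn {
        final String target;
        String authUser;        // null until an NTLM handshake binds a user to this connection
        boolean open = true;
        Conn(String target) { this.target = target; }
    }
    static final class Pool {
        private final boolean shared;   // true: more than one application uses the pool
        private final Deque<Conn> idle = new ArrayDeque<>();
        Pool(boolean shared) { this.shared = shared; }

        // Lease a connection to target on behalf of user (null = anonymous caller).
        Conn lease(String target, String user) {
            for (Iterator<Conn> it = idle.iterator(); it.hasNext(); ) {
                Conn c = it.next();
                // Reuse only when the connection's auth state matches the caller.
                if (c.target.equals(target) && Objects.equals(c.authUser, user)) {
                    it.remove();
                    return c;
                }
            }
            return new Conn(target);    // fresh connection, must authenticate itself
        }

        void release(Conn c) {
            // Shared pool: an authenticated connection is closed, never pooled.
            if (shared && c.authUser != null) { c.open = false; return; }
            if (c.open) idle.add(c);
        }
    }

    public static void main(String[] args) {
        Pool pool = new Pool(false);                 // owned by a single application
        Conn a = pool.lease("intranet:80", "alice"); // constructed sample target and users
        a.authUser = "alice";                        // handshake completed on this connection
        pool.release(a);
        System.out.println("bob gets alice's connection: " + (pool.lease("intranet:80", "bob") == a));
        System.out.println("alice gets it back: " + (pool.lease("intranet:80", "alice") == a));

        Pool sharedPool = new Pool(true);
        Conn s = sharedPool.lease("intranet:80", "alice");
        s.authUser = "alice";
        sharedPool.release(s);
        System.out.println("still open after release to shared pool: " + s.open);
    }
}
```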
