----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files. Don't make us guess your problem!!!
----------------------------------------------------------------
That is also why the 'handshake' with Internet Explorer does not
send the password over the line. If I'm not mistaken it starts with
some bytes sent from the server to the browser. The browser appends
the password and calculates a hash from the total and then only
that hash is sent to the server.
This is only applicable to Internet Explorer and does not work with
Netscape. Also it is not applicable when you use basic authentication
with that module
Johan.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of SeJo
> Sent: Friday, December 03, 1999 6:37 AM
> To: Java Apache Users
> Subject: Re: NT-Apache authorization.....URGENT
>
>
> ----------------------------------------------------------------
> BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
> WHEN YOU POST, include all relevant version numbers, log files,
> and configuration files. Don't make us guess your problem!!!
> ----------------------------------------------------------------
>
> Brett,
>
> thank for advice....I was considering that too, but am pretty
> sure that wont
> happen in this environment (small intranet).
>
> You mentioned some decent web sites.......but i see no track
> of them in your
> mail......can you (re)send them please?
>
> thanks again
>
> SeJo
>
> ----- Original Message -----
> From: Brett Knights <[EMAIL PROTECTED]>
> To: 'Java Apache Users' <[EMAIL PROTECTED]>
> Sent: Friday, December 03, 1999 3:28 PM
> Subject: RE: NT-Apache authorization.....URGENT
>
>
> > ----------------------------------------------------------------
> > BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
> > WHEN YOU POST, include all relevant version numbers, log files,
> > and configuration files. Don't make us guess your problem!!!
> > ----------------------------------------------------------------
> >
> > Whoa!
> > Think carefully before you start flying your ntlm passwords
> around the
> net.
> > If your concern is BasicAuthentication vs. NTLM I'd highly
> recommend using
> SSL.
> >
> > When I looked at this I found a few decent web sites that
> address the
> topic. Check them out.
> > Remember if someone captures an Apache password they can
> still only mess
> with what is controlled by apache. IF someone captures an
> > NTLM token for a user that can write to the registry they
> can mess with
> your server.
> >
> >
> > ***********************************************************
> > Brett Knights 626-432-5767 work
> > [EMAIL PROTECTED] 626-355-1017 home
> > ***********************************************************
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf
> Of Philippe
> > > Johan 999900280
> > > Sent: Thursday, December 02, 1999 2:36 AM
> > > To: SeJo; Java Apache Users
> > > Subject: Re:NT-Apache authorization.....URGENT
> > >
> > >
> > > ----------------------------------------------------------------
> > > BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
> > > WHEN YOU POST, include all relevant version numbers, log files,
> > > and configuration files. Don't make us guess your problem!!!
> > > ----------------------------------------------------------------
> > >
> > > SeJo,
> > >
> > > concerning authorization, have a look at the module mod_ntlm at
> > > http://www.ozemail.com.au/~timcostello/mod_ntlm/
> > > (you can find it also in the modules.apache.org catalog).
> > >
> > > Now as to fetch the user name or something else, I think that'll
> > > depend on the module you use for authentication.
> > >
> > > regards,
> > >
> > > Johan Philippe
> > > E&Y Consulting
> > >
> > > SeJo:
> > > ----------------------------------------------------------------
> > > BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
> > > WHEN YOU POST, include all relevant version numbers, log files,
> > > and configuration files. Don't make us guess your problem!!!
> > > ----------------------------------------------------------------
> > >
> > > Hello,
> > >
> > > I am using ApacheWebServer and JServ on NT 4.0 and would like
> > > to configure
> > > it (apache) to use the NT passwords for authorization. I
> > > still didn't find
> > > the right module for doing so........
> > >
> > > But, the most important question is:
> > >
> > > How can I fetch the apache user name from the servlet code,
> > > once the user is
> > > logged in using the apache authorization (no matter which one
> > > (files, DB's
> > > ..NT))?
> > >
> > > help,help,help.....
> > >
> > >
> > > SeJo
> > >
> > > ------------------------------------------------------------
> > > Selim Cesic
> > > Synes N.V.
> > >
> > > Email: [EMAIL PROTECTED]
> > > Home: http://www.synes.com
> > >
> > > ------------------------------------------------------------
> > >
> > >
> > >
> > >
> > > --
> > > --------------------------------------------------------------
> > > Please read the FAQ! <http://java.apache.org/faq/>
> > > To subscribe: [EMAIL PROTECTED]
> > > To unsubscribe: [EMAIL PROTECTED]
> > > Archives and Other: <http://java.apache.org/main/mail.html>
> > > Problems?: [EMAIL PROTECTED]
> > >
> > >
> > >
> > >
> > > --
> > > --------------------------------------------------------------
> > > Please read the FAQ! <http://java.apache.org/faq/>
> > > To subscribe: [EMAIL PROTECTED]
> > > To unsubscribe: [EMAIL PROTECTED]
> > > Archives and Other: <http://java.apache.org/main/mail.html>
> > > Problems?: [EMAIL PROTECTED]
> > >
> > >
> >
> >
> >
> > --
> > --------------------------------------------------------------
> > Please read the FAQ! <http://java.apache.org/faq/>
> > To subscribe: [EMAIL PROTECTED]
> > To unsubscribe: [EMAIL PROTECTED]
> > Archives and Other: <http://java.apache.org/main/mail.html>
> > Problems?: [EMAIL PROTECTED]
> >
>
>
>
> --
> --------------------------------------------------------------
> Please read the FAQ! <http://java.apache.org/faq/>
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Archives and Other: <http://java.apache.org/main/mail.html>
> Problems?: [EMAIL PROTECTED]
>
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
