On Fri, Aug 17, 2001 at 10:18:57PM +0100, David Woolley wrote:
> > it would be nice if lynx could work with NT's personal webserver passwords
> > (Netscape and Opera don't either of course). That's NTLM I think,
> > though I don't know much about that.
>
> Mozilla doesn't either, which makes me believe the specification is not
> in the public domain, or is covered by patents.
just checking there is some webpage stuff on it (but of course w/o implementing
I wouldn't know if it's accurate or sufficient to do the job).
this is from the first hit I found
http://www.innovation.ch/java/ntlm.html
NTLM Authentication Scheme for HTTP
Introduction
This is an attempt at documenting the undocumented NTLM authentication
scheme used by M$'s browsers, proxies, and servers (MSIE and IIS);
this scheme is also sometimes referred to as the NT challenge/response
(NTCR) scheme. Most of the info here is derived from three sources
(see also the Resources section at the end of this document): Paul
Ashton's work on the NTLM security holes, the encryption documentation
from Samba, and network snooping. Since most of this info is
reverse-engineered it is bound to contain errors; however, at least
one client and one server have been implemented according to this data
and work successfully in conjunction with M$'s browsers, proxies and
servers.
Note that this scheme is not as secure as Digest and some other
schemes; it is slightly better than the Basic authentication scheme,
however.
Also note that this scheme is not an http authentication scheme - it's
a connection authentication scheme which happens to (mis-)use http
status codes and headers (and even those incorrectly).
> A while ago, someone, from Microsoft, but acting personally, volunteered
> to add them, but was never heard from again.
>
> ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
--
Thomas E. Dickey <[EMAIL PROTECTED]>
http://dickey.his.com
ftp://dickey.his.com
; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
