----- Original Message ----- From: "Kaye-Smith Adam" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 12, 2002 4:51 AM Subject: NTLM module
Hello , >When I enter in an NT password it all works ok but when I use a >user/pass from the htpasswd file, the only way it will work is that I >change the above line to > >AuthType Basic instead of >AuthType ntlm,Basic. > > >With this change I can access passwords in htpasswd & also authenticate >from an NT server but I can no longer use NTLM. The problem is that Basic authentication requires a password from the client which can be compared against your password file. In case of NTLM auth, there is no password ever send over the wire, so Apache doesn't have anything which it can compare against it's passwd file. The solution would be to derive a class from AuthenNTLM and do the computation of the challage and response based on the secrets in the passwd file (you would need to store MD4 hashs of your passwords somewhere). There is a module called Perl::AuthenNTLM which may be helpfull in doing this task. Gerald ------------------------------------------------------------- Gerald Richter ecos electronic communication services gmbh Internetconnect * Webserver/-design/-datenbanken * Consulting Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz E-Mail: [EMAIL PROTECTED] Voice: +49 6133 925131 WWW: http://www.ecos.de Fax: +49 6133 925152 -------------------------------------------------------------
