> > Am I totally wrong, or the plain and painful answer is > > that "NTLM is only supported on Win32 boxes"? I think > > I read somewhere that, because the module relies the > > Win32 API, it doesn't run on other systems. It even > > said something like "...whoever wants to grab some > > Samba code and port the module to *nix, please do...". > > > > Again, this is just "something I guess I think I read > > somewhere", so take it with a grain of salt.
Apache::AuthenNTLM runs only on Unix and it uses Authen::smb to verify passwords against a windows nt/2000 machine. On the client side NTLM is only supported by Mircosoft Internet Explorer. The main reason why you want to use it, is when you haveing an intranet Apache server on Unix and most/all of your clients use MSIE on Windows as browser. In this case MSIE will autheticate via NTLM automaticly as the current logged on user, when a server requests NTLM authentication. So the main reason to use it, is that in this case the users don't have to type in there passwords again. > > I doubt that NTLM does not need any password. Logically, there must be a way > to set up the initial trustful connection between two machines. If not > password, what will that be ? Or something like Digital Authentication ? > >From the README: The NTLM protocol performs a challenge/response to exchange a random number (nonce) and get back a md4 hash, which is build form the users password and the nonce. This makes sure that no cleartext password goes over the wire, so it's more secure than basic authentication, which doesn't mean it's a real secure authentication scheme. Some information about NTLM can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/nt lmssp_0k19.asp http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcsample98/ samp/VC98/sdk/winbase/security/winnt/httpauth/httpauth.asp More detailed implementation details are available from http://www.opengroup.org/comsource/techref2/NCH1222X.HTM http://www.innovation.ch/java/ntlm.html A lot of ideas and information are taken from the similar Apache module mod_ntlm, which can be found at http://sourceforge.net/projects/modntlm/ Gerald ------------------------------------------------------------- Gerald Richter ecos electronic communication services gmbh Internetconnect * Webserver/-design/-datenbanken * Consulting Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz E-Mail: [EMAIL PROTECTED] Voice: +49 6133 925131 WWW: http://www.ecos.de Fax: +49 6133 925152 -------------------------------------------------------------