Re: [squid-users] Questions on research into using digest auth against MS AD2003

2008-11-02 Thread Henrik Nordstrom
On Sat, 2008-11-01 at 19:49 -0700, Chuck Kollars wrote:
> "One-time" generally refers to the 'nonce' (and 'cnonce') used by
> challenge-response authentication protocols. But verifying the
> nonce-hashed-by-password would require using the actual original
> cleartext password, something proxies do

Re: [squid-users] Questions on research into using digest auth against MS AD2003

2008-11-01 Thread Chuck Kollars
> > ... Digest authentication is a hashed authentication scheme,
> > exchanging one-time hashes instead of passwords on the wire. ...

Please excuse what may be a real dumb question; I'm trying to grok how Digest authentication actually works with Squid, and this doesn't seem to me to quite add

Re: [squid-users] Questions on research into using digest auth against MS AD2003

2008-11-01 Thread Henrik Nordstrom
On Fri, 2008-10-31 at 13:55 -0500, Richard wrote:
> * What specific piece of the puzzle on the client side is it about the
> NTLM or Kerberos authentication methods that allow the authentication
> traffic secure by sending only the credential hashes?

The client talks to the Microsoft SSP librari

[squid-users] Questions on research into using digest auth against MS AD2003

2008-10-31 Thread Richard
* What specific piece of the puzzle on the client side is it about the NTLM or Kerberos authentication methods that allow the authentication traffic secure by sending only the credential hashes? (Am I correct in understanding that it is the ntlm_auth program that speaks to the NTLM client an