On Friday 11 July 2003 04.09, [EMAIL PROTECTED] wrote: > from a programmers perspective it's probably a pain but from our > point of view it seems the best.
If you only knew the mess it makes with the HTTP protocol... NTLM is a proprietary protocol only available on Windows. Others who want to implement the protocol must first reverse-engineere the protocol (see Samba) or license the technology from Microsoft (not an option for Open Source). The implementation of NTLM over HTTP is violating important design aspects of the HTTP protocol. HTTP is a message oriented protocol, while NTLM is a connection oriented authentication scheme. Big collision there. Because of the HTTP protocol violations there are restrictions on the usefulness of NTLM over HTTP. The perhaps most visible restriction is that NTLM over HTTP can not be proxied via HTTP proxies, meaning that if you are using a proxy then you can not log in to web servers requiring NTLM over HTTP authentication. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]