On Wed, 22 Jul 2009, Henrik Nordstrom wrote:
fre 2009-07-17 klockan 14:23 -0400 skrev Mike Diggins:
I've been asked to investigate eliminating the Basic authentication option
due to the obvious security risks (I need to maintain NTLM though). After
some brief reading, it appears that Digest Authentication might work. Can
I use Digest Authentication against Winbind like I do now?
Unfortunately not. winbind do not expose the Digest authentication
scheme, even if you should configure your AD domain to support it (by
default disabled in AD, and enabling it requires everyone to reset their
password once enabled).
And it won't be a single-sign-on solution even if the account & password
is the same. In theory it could be, but Microsoft has not implemented
single sign on when using Digest.
Also, is the
Digest Authentication supported by most modern browsers (Windows and MAC
versions)?
Yes.
But there is still related applications & plugins which only supports
Basic or perhaps NTLM.
Thanks. If my requirements are to keep NTLM working, and have the MD
authentication ultimately authenticate against that same domain (somehow),
could I separate the two, and perhaps use a different authenticator for
the MD Auth part - or does the MD auth just not work that way?
-Mike
