[Fwd: [Bug 23679] NTLM auth for HTTP]

Rui Miguel Seabra rms at 1407.org
Tue Nov 18 09:40:54 UTC 2003 

Good news, mozilla >= 1.6 will probably support NTLM on all platforms.

-----Forwarded Message-----
From: bugzilla-daemon at mozilla.org
To: rms at 1407.org
Subject: [Bug 23679] NTLM auth for HTTP
Date: Mon, 17 Nov 2003 19:13:56 -0800

http://bugzilla.mozilla.org/show_bug.cgi?id=23679


darin at meer.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|                            |224653
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED




------- Additional Comments From darin at meer.net  2003-11-17 19:12 -------
this bug is fixed.  see bug 224653 for details.  here's a quick summary:

  o  starting with mozilla 1.6 beta, it should be possible to connect using NTLM 
     authentication on all platforms.  note: NTLM is currently only supported 
     for HTTP or HTTPS.

  o  it is not supported when FIPS mode is enabled (because it uses MD4).

  o  the SSPI based WIN32 implementation has been dropped in favor of the new
     cross-platform implementation.  we had too many bugs with SSPI crashing on
     older machines.  if possible, i'd therefore like to avoid SSPI altogether.
     however, i'm willing to entertain the possibility of adding it back under
     certain conditions if it proves valuable.

  o  the new implementation attempts to negotiate the preferred NTLM2 session
     key mode whenever the server supports it.  this improves security.

  o  as with the previous SSPI based implementation, mozilla does not 
     automatically send username, password, and domain (based on the user's
     WINNT logon) since we feel that that is a security risk.  in a future
     version we may eliminate this restriction for proxy authentication.
-- 
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

Please AVOID sending me WORD, EXCEL or POWERPOINT attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20031118/ca468c79/attachment.sig>

More information about the fedora-devel-list mailing list