[Fwd: [Bug 23679] NTLM auth for HTTP]
Kreg Steppe
kreg at virtual1.net
Tue Nov 18 22:01:15 UTC 2003
Damn Straight! I am so ready for this. I run our Intranet, and I have
IIS (yuk) running it, just so there is a transparent login for our
users. I personaly dont care if it asks for my username and password,
as long as I can be on one box and work.
Rui Miguel Seabra wrote:
>Good news, mozilla >= 1.6 will probably support NTLM on all platforms.
>
>-----Forwarded Message-----
>From: bugzilla-daemon at mozilla.org
>To: rms at 1407.org
>Subject: [Bug 23679] NTLM auth for HTTP
>Date: Mon, 17 Nov 2003 19:13:56 -0800
>
>http://bugzilla.mozilla.org/show_bug.cgi?id=23679
>
>
>darin at meer.net changed:
>
> What |Removed |Added
>----------------------------------------------------------------------------
> BugsThisDependsOn| |224653
> Status|ASSIGNED |RESOLVED
> Resolution| |FIXED
>
>
>
>
>------- Additional Comments From darin at meer.net 2003-11-17 19:12 -------
>this bug is fixed. see bug 224653 for details. here's a quick summary:
>
> o starting with mozilla 1.6 beta, it should be possible to connect using NTLM
> authentication on all platforms. note: NTLM is currently only supported
> for HTTP or HTTPS.
>
> o it is not supported when FIPS mode is enabled (because it uses MD4).
>
> o the SSPI based WIN32 implementation has been dropped in favor of the new
> cross-platform implementation. we had too many bugs with SSPI crashing on
> older machines. if possible, i'd therefore like to avoid SSPI altogether.
> however, i'm willing to entertain the possibility of adding it back under
> certain conditions if it proves valuable.
>
> o the new implementation attempts to negotiate the preferred NTLM2 session
> key mode whenever the server supports it. this improves security.
>
> o as with the previous SSPI based implementation, mozilla does not
> automatically send username, password, and domain (based on the user's
> WINNT logon) since we feel that that is a security risk. in a future
> version we may eliminate this restriction for proxy authentication.
>
>
More information about the fedora-devel-list
mailing list