
Re: What's NTLM for?

Ariel Frozza wrote:
> I'm confused about the use of NTLM authentication.
> What's the relationship between Samba PDC, Winbind and Squid?

Basically, it's a Windows-type way of encoding authentication (e.g.
username and password) details. The idea is that if passwords get sent
over a network in "plain text", an attacker who is in a position to look
at network traffic can "sniff" the passwords out of passing network

If the attacker can get control of a computer on a "subnet" through
which the password travels, it's fairly easy to watch all the data on
that network.

So NTLM is one of several schemes that make use of "one-way encryption".
It's possible for the client to prove that it has the correct password,
without the password itself ever being sent over the network.

So Samba may have clients that want to talk NTLM at it, and Winbind has
to talk NTLM to whatever it's authenticating against.

Squid is in an interesting position because it may need to talk NTLM to
an "upstream" (further away from the clients) proxy, or the web server,
or to an "authentication server" (to ensure that a client has logged in
with the correct username and password). And it may need to talk NTLM to
browsers to get usernames and passwords to pass on to other servers.

The important thing is that you *don't* consider NTLM to be
authentication in itself -- just an encoding technique.

Hope this helps,


E-mail address: james | They say that every cloud has a silver lining, which
@westexe.demon.co.uk  | must be a bit alarming for airline pilots...
                      |     -- "I'm Sorry, I Haven't A Clue", BBC Radio 4
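
The challenge-response idea described in the message above, as an added example that is not part of the original post: the server sends a random challenge and the client returns a keyed hash of it, so the password never crosses the network. SHA-256 and HMAC are stand-ins here, not NTLM's actual algorithms, and the Server class, function names and sample account are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def derive_key(password: str) -> bytes:
    # One-way function of the password (assumption: SHA-256 as a stand-in
    # for the password hash a real scheme would use).
    return hashlib.sha256(password.encode("utf-8")).digest()

def client_response(password: str, nonce: bytes) -> bytes:
    # The client proves knowledge of the password by keying a MAC over
    # the server's challenge; only this value is sent back.
    return hmac.new(derive_key(password), nonce, hashlib.sha256).digest()

class Server:
    def __init__(self, accounts):
        # Only derived keys are stored. They are still sufficient to answer
        # challenges, so they need the same protection as passwords.
        self.keys = {u: derive_key(p) for u, p in accounts.items()}
        self.pending = {}

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh and unpredictable per attempt
        self.pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)  # each challenge is single-use
        key = self.keys.get(user)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo():
    password = "correct horse"            # constructed sample credential
    server = Server({"alice": password})  # constructed sample account
    n1 = server.challenge("alice")
    r1 = client_response(password, n1)
    wire = [n1, r1]                       # everything an observer could see
    ok = server.verify("alice", r1)
    server.challenge("alice")             # a later login gets a new challenge
    replay = server.verify("alice", r1)   # the captured response no longer fits
    n3 = server.challenge("alice")
    wrong = server.verify("alice", client_response("guess", n3))
    leaked = any(password.encode() in msg for msg in wire)
    return ok, replay, wrong, leaked

if __name__ == "__main__":
    print(demo())
```
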
