Re: What's NTLM for?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ariel Frozza wrote:
> I'm confused about the use of NTLM authentication.
> What's the relationship betwen Samba PDC, Winbind and Squid?

Basically, it's a Windows-type way of encoding authentication (e.g.
username and password) details. The idea is that if passwords get sent
over a network in "plain text", an attacker who is in a position to look
at network traffic can "sniff" the passwords out of passing network
traffic.

If the attacker can get control of a computer on a "subnet" through
which the password travels, it's fairly easy to watch all the data on
that network.

So NTLM is one of several schemes that make use of "one-way encryption".
It's possible for the client to prove that it has the correct password,
without the password itself ever being sent over the network.

So Samba may have clients that want to talk NTLM at it, and Winbind has
to talk NTLM to whatever it's authenticating against.

Squid is in an interesting position because it may need to talk NTLM to
an "upstream" (further away from the clients) proxy, or the web server,
or to an "authentication server" (to ensure that a client has logged in
with the correct username and password). And it may need to talk NTLM to
browsers to get usernames and passwords to pass on to other servers.

The important thing is that you *don't* consider NTLM to be
authentication in itself -- just an encoding technique.

Hope this helps,

James.

-- 
E-mail address: james | They say that every cloud has a silver lining, which
@westexe.demon.co.uk  | must be a bit alarming for airline pilots...
                      |     -- "I'm Sorry, I Haven't A Clue", BBC Radio 4

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux