mån 2006-12-11 klockan 23:37 -0500 skrev Brian J. Murrell: > But my suggestion of using ntlm_auth was not so much in it's binary form > but as a source of SPNEGO handling. IIUC, ntlm_auth takes the SPNEGO > blob from the client via squid and unpacks it and does the NTLM auth > with the MS Goop(tm) doesn't it? It does, but it also does the Kerberos Goop(tm) when it was a Kerberos request and not NTLM... For those unaware of the protocols SPNEGO is a Microsoft wrapper around all the other security service providers in Windows, allowing client and server to negotiate which authentication scheme to use. As such it encapsulates both NTLM and Kerberos authentication. In HTTP Microsoft for some reason calls this wrapper scheme for Negotiate while everywhere else it's SPNEGO from the wrapper security service provider name.. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
