My sincere thanks to Amos for his deep insight and to Eugene for his
practical advice. This was of great help for me, and I think will help
future googlers as well.
Amos says:
> Popups you are trying to avoid is a browser feature. It is 100% up to
the client to use the password manager and/or operating system settings
which prevent it being needed.
You're right of course. Having no control over PC settings, I will try
to find the combination of offered mechanisms that gives the best
result, with the existing set of PCs and OSs.
NTLMv1 would "work" because it allowed automatic
down-grade of the security level to one of those broken (8-bit
security!) mechanisms
Argghhhhhh... I didn't realize it was so broken.
Hope this clarifies everything for you.
Yes, thank you a lot. I see it's not an obvious choice and I want to
meditate some more, for now it seems that samba4 ntlm_auth + [some
helper for authorization] could be my choice. I will try to keep basic
auth clients in some kind of ghetto and never worry about digest auth.
I will share here my final and tested configuration.
Thanks again,
Bergonz
--
Ing. Michele Bergonzoni - Laboratori Guglielmo Marconi S.p.a.
Phone:+39-051-6781926 e-mail: bergonz@xxxxxxx
alt.advanced.networks.design.configure.operate
