[Fwd: [Bug 23679] NTLM auth for HTTP]

Kreg Steppe kreg at virtual1.net
Tue Nov 18 22:01:15 UTC 2003 

Damn Straight! I am so ready for this. I run our Intranet, and I have 
IIS (yuk) running it, just so there is a transparent login for our 
users.  I personaly dont care if it asks for my username and password, 
as long as I can be on one box and work.

Rui Miguel Seabra wrote:

>Good news, mozilla >= 1.6 will probably support NTLM on all platforms.
>
>-----Forwarded Message-----
>From: bugzilla-daemon at mozilla.org
>To: rms at 1407.org
>Subject: [Bug 23679] NTLM auth for HTTP
>Date: Mon, 17 Nov 2003 19:13:56 -0800
>
>http://bugzilla.mozilla.org/show_bug.cgi?id=23679
>
>
>darin at meer.net changed:
>
>           What    |Removed                     |Added
>----------------------------------------------------------------------------
>  BugsThisDependsOn|                            |224653
>             Status|ASSIGNED                    |RESOLVED
>         Resolution|                            |FIXED
>
>
>
>
>------- Additional Comments From darin at meer.net  2003-11-17 19:12 -------
>this bug is fixed.  see bug 224653 for details.  here's a quick summary:
>
>  o  starting with mozilla 1.6 beta, it should be possible to connect using NTLM 
>     authentication on all platforms.  note: NTLM is currently only supported 
>     for HTTP or HTTPS.
>
>  o  it is not supported when FIPS mode is enabled (because it uses MD4).
>
>  o  the SSPI based WIN32 implementation has been dropped in favor of the new
>     cross-platform implementation.  we had too many bugs with SSPI crashing on
>     older machines.  if possible, i'd therefore like to avoid SSPI altogether.
>     however, i'm willing to entertain the possibility of adding it back under
>     certain conditions if it proves valuable.
>
>  o  the new implementation attempts to negotiate the preferred NTLM2 session
>     key mode whenever the server supports it.  this improves security.
>
>  o  as with the previous SSPI based implementation, mozilla does not 
>     automatically send username, password, and domain (based on the user's
>     WINNT logon) since we feel that that is a security risk.  in a future
>     version we may eliminate this restriction for proxy authentication.
>  
>

More information about the fedora-devel-list mailing list