Posted to modperl@perl.apache.org by Gerald Richter <ri...@ecos.de> on 2002/08/16 07:10:00 UTC

Re: What is NTLM? (was: NTLM module)

> > Am I totally wrong, or the plain and painful answer is
> > that "NTLM is only supported on Win32 boxes"? I think
> > I read somewhere that, because the module relies on the
> > Win32 API, it doesn't run on other systems. It even
> > said something like "...whoever wants to grab some
> > Samba code and port the module to *nix, please do...".
> >
> > Again, this is just "something I guess I think I read
> > somewhere", so take it with a grain of salt.

Apache::AuthenNTLM runs only on Unix and it uses Authen::smb to verify
passwords against a Windows NT/2000 machine.

On the client side NTLM is only supported by Microsoft Internet Explorer.
The main reason why you want to use it is when you have an intranet
Apache server on Unix and most/all of your clients use MSIE on Windows as
browser. In this case MSIE will authenticate via NTLM automatically as the
currently logged-on user, when a server requests NTLM authentication. So the
main reason to use it is that in this case the users don't have to type in
their passwords again.

>
> I doubt that NTLM does not need any password. Logically, there must be a
> way to set up the initial trustful connection between two machines. If not
> password, what will that be? Or something like Digital Authentication?
>

From the README:

The NTLM protocol performs a challenge/response to exchange a random number
(nonce) and get back an MD4 hash, which is built from the user's password
and the nonce. This makes sure that no cleartext password goes over the
wire, so it's more secure than basic authentication, which doesn't mean it's
a really secure authentication scheme.

Some information about NTLM can be found at

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/ntlmssp_0k19.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcsample98/samp/VC98/sdk/winbase/security/winnt/httpauth/httpauth.asp

More detailed implementation details are available from

http://www.opengroup.org/comsource/techref2/NCH1222X.HTM
http://www.innovation.ch/java/ntlm.html

A lot of ideas and information are taken from the similar Apache module
mod_ntlm, which can be found at http://sourceforge.net/projects/modntlm/

Gerald


-------------------------------------------------------------
Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de         Voice:    +49 6133 925131
WWW:        http://www.ecos.de      Fax:      +49 6133 925152
-------------------------------------------------------------
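
The challenge/response exchange described in the README excerpt above, as an added example that is not part of the original post or of Apache::AuthenNTLM: a parser for the three base64 NTLM tokens carried in the HTTP `Authorization` / `WWW-Authenticate` headers, showing that only a nonce and fixed-length responses cross the wire. Field offsets follow the publicly documented NTLMSSP message layout; the sample messages, names and nonce are constructed, and the UTF-16LE text encoding is an assumption (it depends on the negotiated flags).

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"

def _secbuf(msg, off):
    """Return the bytes a security buffer (len, maxlen, offset) points at."""
    length, _maxlen, start = struct.unpack_from("<HHI", msg, off)
    if start + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[start:start + length]

def parse_ntlm_header(value, text_encoding="utf-16-le"):
    """Parse 'NTLM <base64>' from an Authorization/WWW-Authenticate header."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        raise ValueError("not an NTLM header carrying a token")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 16 or msg[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    if mtype == 1:                      # client -> server: negotiate only
        return {"type": 1, "flags": struct.unpack_from("<I", msg, 12)[0]}
    if mtype == 2 and len(msg) >= 32:   # server -> client: random nonce
        return {"type": 2, "challenge": msg[24:32]}
    if mtype == 3 and len(msg) >= 52:   # client -> server: hashed responses
        return {"type": 3,
                "lm_response_len": len(_secbuf(msg, 12)),
                "nt_response_len": len(_secbuf(msg, 20)),
                "domain": _secbuf(msg, 28).decode(text_encoding),
                "user": _secbuf(msg, 36).decode(text_encoding)}
    raise ValueError("unknown or truncated NTLM message")

def _b64(msg):
    return "NTLM " + base64.b64encode(msg).decode("ascii")

def _type3(domain, user, lm, nt):
    """Build a constructed type 3 message; payload starts after a 64-byte header."""
    head, body = SIGNATURE + struct.pack("<I", 3), b""
    for part in (lm, nt, domain.encode("utf-16-le"), user.encode("utf-16-le"), b""):
        head += struct.pack("<HHI", len(part), len(part), 64 + len(body))
        body += part
    return _b64(head.ljust(64, b"\x00") + body)

# Constructed samples (not captured traffic): nonce, names and responses are made up.
NONCE = bytes.fromhex("0123456789abcdef")
TYPE1 = _b64(SIGNATURE + struct.pack("<II", 1, 0x0207) + bytes(16))
TYPE2 = _b64(SIGNATURE + struct.pack("<I", 2) + bytes(8) + struct.pack("<I", 0x0201) + NONCE + bytes(8))
TYPE3 = _type3("EXAMPLE", "alice", bytes(24), bytes(24))
```
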