RE: Authentication problem

From: Dave J Woolley <DJW@dont-contact.us>
Date: Thu, 23 Sep 1999 14:19:43 +0100

> From: Henrik Nordstrom [SMTP:hno@hem.passagen.se]
>
> Nick Sparkes wrote:
>
> > Ideally I would like to integrate the authentication with NDS,
>
> Username+password authentication can be used if you can find a program
> that can validate the username+password pair. I know nothing about how
> to validate NDS passwords, but I assume it is doable somehow or it would
> be a rather useless authentication directory.
>
        If NDS is Netware Directory Services, Netware have used challenge
        response password systems since before NDS. However, I don't think
        squid is able to pass a challenge through to the browser, and
        browsers don't, in general, know how to handle the Netware
        authentication protocol, do any use of NDS passwords is likely
        to involve a clear text exchange between the browser and the
        proxy, severely compromising the security features
        in the Netware protocol.

        The policy in this situation may well be to *not* use the Netware
        password for proxy access, or to have a completely different set of
        Netware passwords for this purpose from those intended for use to
access
        the file servers.
Received on Thu Sep 23 1999 - 07:38:51 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:32 MST