[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev Cookie accepting behaviour in lynx 2.8rel2 (SCO Skunkware20
From: |
Thomas Dickey |
Subject: |
Re: lynx-dev Cookie accepting behaviour in lynx 2.8rel2 (SCO Skunkware2000 version) |
Date: |
Fri, 17 Aug 2001 17:39:02 -0400 |
User-agent: |
Mutt/1.2.5i |
On Fri, Aug 17, 2001 at 10:18:57PM +0100, David Woolley wrote:
> > it would be nice if lynx could work with NT's personal webserver passwords
> > (Netscape and Opera don't either of course). That's NTLM I think,
> > though I don't know much about that.
>
> Mozilla doesn't either, which makes me believe the specification is not
> in the public domain, or is covered by patents.
just checking there is some webpage stuff on it (but of course w/o implementing
I wouldn't know if it's accurate or sufficient to do the job).
this is from the first hit I found
http://www.innovation.ch/java/ntlm.html
NTLM Authentication Scheme for HTTP
Introduction
This is an attempt at documenting the undocumented NTLM authentication
scheme used by M$'s browsers, proxies, and servers (MSIE and IIS);
this scheme is also sometimes referred to as the NT challenge/response
(NTCR) scheme. Most of the info here is derived from three sources
(see also the Resources section at the end of this document): Paul
Ashton's work on the NTLM security holes, the encryption documentation
from Samba, and network snooping. Since most of this info is
reverse-engineered it is bound to contain errors; however, at least
one client and one server have been implemented according to this data
and work successfully in conjunction with M$'s browsers, proxies and
servers.
Note that this scheme is not as secure as Digest and some other
schemes; it is slightly better than the Basic authentication scheme,
however.
Also note that this scheme is not an http authentication scheme - it's
a connection authentication scheme which happens to (mis-)use http
status codes and headers (and even those incorrectly).
> A while ago, someone, from Microsoft, but acting personally, volunteered
> to add them, but was never heard from again.
>
> ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden
--
Thomas E. Dickey <address@hidden>
http://dickey.his.com
ftp://dickey.his.com
; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden