lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Cookie accepting behaviour in lynx 2.8rel2 (SCO Skunkware20

From: Thomas Dickey
Subject: Re: lynx-dev Cookie accepting behaviour in lynx 2.8rel2 (SCO Skunkware2000 version)
Date: Fri, 17 Aug 2001 17:39:02 -0400
User-agent: Mutt/1.2.5i 
On Fri, Aug 17, 2001 at 10:18:57PM +0100, David Woolley wrote:
> > it would be nice if lynx could work with NT's personal webserver passwords
> > (Netscape and Opera don't either of course).  That's NTLM I think,
> > though I don't know much about that.
> 
> Mozilla doesn't either, which makes me believe the specification is not
> in the public domain, or is covered by patents. 

just checking there is some webpage stuff on it (but of course w/o implementing
I wouldn't know if it's accurate or sufficient to do the job).
 
this is from the first hit I found
http://www.innovation.ch/java/ntlm.html

                      NTLM Authentication Scheme for HTTP

Introduction

   This is an attempt at documenting the undocumented NTLM authentication
   scheme  used  by  M$'s  browsers, proxies, and servers (MSIE and IIS);
   this scheme is also sometimes referred to as the NT challenge/response
   (NTCR)  scheme.  Most  of  the info here is derived from three sources
   (see  also  the  Resources  section at the end of this document): Paul
   Ashton's work on the NTLM security holes, the encryption documentation
   from  Samba,  and  network  snooping.  Since  most  of  this  info  is
   reverse-engineered  it  is  bound to contain errors; however, at least
   one client and one server have been implemented according to this data
   and  work  successfully in conjunction with M$'s browsers, proxies and
   servers.

   Note  that  this  scheme  is  not  as  secure as Digest and some other
   schemes;  it  is slightly better than the Basic authentication scheme,
   however.

   Also note that this scheme is not an http authentication scheme - it's
   a  connection  authentication  scheme  which happens to (mis-)use http
   status codes and headers (and even those incorrectly).
> A while ago, someone, from Microsoft, but acting personally, volunteered
> to add them, but was never heard from again.
> 
> ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

-- 
Thomas E. Dickey <address@hidden>
http://dickey.his.com
ftp://dickey.his.com

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden
reply via email to
[Prev in Thread] Current Thread [Next in Thread]