[4567] in WWW Security List Archive
MS-IIS/IE Alternative to Basic Auth?
daemon@ATHENA.MIT.EDU (David W. Morris)
Sat Feb 22 00:40:22 1997
Date: Fri, 21 Feb 1997 19:40:28 -0800 (PST)
From: "David W. Morris" <dwm@xpasc.com>
To: www-security@ns2.rutgers.edu
In-Reply-To: <Pine.GSO.3.95.970220151354.11257e-100000@thebrain.aa.ans.net>
Errors-To: owner-www-security@ns2.rutgers.edu
I just fininshed a two day seminar relating to IIS in which a generally
knowledgable instructor asserted that IIS 3.0 on NT 4.0 would first
attempt to authenticate a user via Win/NT Challenge/Response
authentication and only if that was rejected, use Basic Authentication.
1) Can anyone confirm this and if so identify some documentation on the
scope of applicability ... that is, in what situations will this
apply?
2) Assuming confirmed, is there more documentation on the precise
protocols such that servers other than MS IIS might use the same
approach?
Thanks,
Dave Morris
