[4576] in WWW Security List Archive
Re: MS-IIS/IE Alternative to Basic Auth?
daemon@ATHENA.MIT.EDU (Someone)
Mon Feb 24 16:08:50 1997
Date: Mon, 24 Feb 1997 10:44:11 -0500
From: Someone <somewhere.com!someone@telecnnct.com>
To: "David W. Morris" <dwm@xpasc.com>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
David W. Morris wrote:
>
> I just fininshed a two day seminar relating to IIS in which a generally
> knowledgable instructor asserted that IIS 3.0 on NT 4.0 would first
> attempt to authenticate a user via Win/NT Challenge/Response
> authentication and only if that was rejected, use Basic Authentication.
>
> 1) Can anyone confirm this and if so identify some documentation on the
> scope of applicability ... that is, in what situations will this
> apply?
>
> 2) Assuming confirmed, is there more documentation on the precise
> protocols such that servers other than MS IIS might use the same
> approach?
>
> Thanks,
>
> Dave Morris
I'd be interested in knowing why this appears to be limited to NT.
