[4583] in WWW Security List Archive
Re: MS-IIS/IE Alternative to Basic Auth?
daemon@ATHENA.MIT.EDU (David W. Morris)
Tue Feb 25 12:54:44 1997
Date: Mon, 24 Feb 1997 13:03:12 -0800 (PST)
From: "David W. Morris" <dwm@xpasc.com>
To: Someone <somewhere.com!someone@telecnnct.com>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <3311B74B.59E2B600@somewhere.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Mon, 24 Feb 1997, Someone wrote:
> David W. Morris wrote:
> > [...]
> > attempt to authenticate a user via Win/NT Challenge/Response
> > authentication and only if that was rejected, use Basic Authentication.
>
> I'd be interested in knowing why this appears to be limited to NT.
We might know the answer, if we knew what it is ... if it exists at all...
what I heard described sounded like an out-of-band non-HTTP protocol
between members of an NT domain. I can't imagine that Microsoft would
implement such a solution themselves for another context (MSIS &&
MSIIS/NT) but SAMBA for example plays nicely in this environment so
I would assume servers other than IIS/NT could as well.
Dave Morris
