[4585] in WWW Security List Archive
Re: MS-IIS/IE Alternative to Basic Auth?
daemon@ATHENA.MIT.EDU (Jim Harmon)
Tue Feb 25 13:26:37 1997
Date: Tue, 25 Feb 1997 10:05:00 -0500
From: Jim Harmon <jharmon@telecnnct.com>
To: Someone <someone@somewhere.com>
Cc: "David W. Morris" <dwm@xpasc.com>, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Someone wrote:
>
> David W. Morris wrote:
> >
> > I just fininshed a two day seminar relating to IIS in which a generally
> > knowledgable instructor asserted that IIS 3.0 on NT 4.0 would first
> > attempt to authenticate a user via Win/NT Challenge/Response
> > authentication and only if that was rejected, use Basic Authentication.
> >
> > 1) Can anyone confirm this and if so identify some documentation on the
> > scope of applicability ... that is, in what situations will this
> > apply?
> >
> > 2) Assuming confirmed, is there more documentation on the precise
> > protocols such that servers other than MS IIS might use the same
> > approach?
> >
> > Thanks,
> >
> > Dave Morris
>
> I'd be interested in knowing why this appears to be limited to NT.
sorry all,
My return address was aliased while I was searching commercial (spam)
lists... I didn't want to incur endless spam to my direct account.
:)
--
Jim Harmon The Telephone Connection
jim@telecnnct.com Rockville, Maryland
