On Tue, 2004-09-14 at 08:13, Yimin Chen wrote:
> Hi Andrew,
> I still have some doubt about the ntlm_auth tool, sorry for posting so
> many questions. Could you please clarify them for me?
> 1) I see ntlm_auth has option to specify the NT/LM responses to get user
> authenticated. But if we don't parse the handshakes, but just handover
> to ntlm_auth tool, we won't even know which user we are authenticating.

This is for use in different protocols, such as MSCHAP (used in PPP),
where we are given the username, NT and LM responses separately. This
is not the case for the 'blob' based form of NTLMSSP we find in HTTP.

> So we still need to do some parsing to get username, domain, type of
> message, etc, right? Or anything after "Proxy Authorization: NTLM "
> should be passed to ntlm_auth? I am a little confused.

Have a read of:




You will see that when ntlm_auth is finished, it will tell you which
user was authenticated.

> 2) When you say "blob", is the encoded string inside the authentication
> header you are referring to? Is there any document about NTLMSSP that I
> should read to understand it better? The only thing I found right now is
> from Microsoft site:
> "NTLMSSP, whose authentication service identifier is RPC_C_AUTHN_WINNT,
> is a security support provider that is available on all versions of
> DCOM. It uses the Microsoft® Windows NT® LAN Manager (NTLM) protocol for
> authentication."

There is actually quite a bit of information about NTLMSSP around -
start with http://davenport.sf.net/ntlm.html and then read the

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
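
The "blob" discussed in this thread, as an added example that is not part of the original message or of Samba's code: a parser that base64-decodes the value after `NTLM ` in the header, identifies the NTLMSSP message type and, for a Type 3 (AUTHENTICATE) message, reads the domain, user and workstation fields. The function names, the cp437 fallback for OEM strings and the sample message are assumptions made for illustration; the user name read this way is only what the client claims, and the authenticated identity is the one ntlm_auth reports when it finishes.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001
MESSAGE_NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def security_buffer(msg, pos):
    """Return the bytes a (length, allocated, offset) security buffer points at."""
    length, _allocated, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_ntlm_header(value):
    """Parse the value of an HTTP (Proxy-)Authorization header carrying NTLMSSP."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob.strip():
        raise ValueError("not an NTLM authorization header")
    msg = base64.b64decode(blob.strip(), validate=True)
    if len(msg) < 12 or not msg.startswith(NTLMSSP_SIGNATURE):
        raise ValueError("missing NTLMSSP signature")
    msg_type = struct.unpack_from("<I", msg, 8)[0]
    info = {"type": MESSAGE_NAMES.get(msg_type, "UNKNOWN")}
    if msg_type != 3:
        return info
    if len(msg) < 52:
        raise ValueError("truncated AUTHENTICATE message")
    # Fixed header: LM response @12, NT response @20, domain @28, user @36, workstation @44.
    first_data = min(struct.unpack_from("<I", msg, p + 4)[0] for p in (12, 20, 28, 36, 44))
    # The flags field at offset 60 is optional; it exists only if data starts at or after 64.
    flags = struct.unpack_from("<I", msg, 60)[0] if first_data >= 64 and len(msg) >= 64 else 0
    # Assumption: OEM strings are decoded as cp437 when the Unicode flag is absent.
    encoding = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
    for name, pos in (("domain", 28), ("user", 36), ("workstation", 44)):
        info[name] = security_buffer(msg, pos).decode(encoding, errors="replace")
    return info

def build_sample_authenticate(domain, user, workstation):
    """Constructed Type 3 header value with dummy all-zero responses (demo input only)."""
    fields = [b"\x00" * 24, b"\x00" * 24]
    fields += [s.encode("utf-16-le") for s in (domain, user, workstation)] + [b""]
    header, payload = b"", b""
    for field in fields:
        header += struct.pack("<HHI", len(field), len(field), 64 + len(payload))
        payload += field
    msg = NTLMSSP_SIGNATURE + struct.pack("<I", 3) + header
    msg += struct.pack("<I", NEGOTIATE_UNICODE) + payload
    return "NTLM " + base64.b64encode(msg).decode("ascii")
```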

