> 1) In what format client passes username|password to squid > when ntlm authentication is used? In http-header, in base64 > coding?
I honestly don't know. The source for the wb_ntlmauth helper may tell you. Microsoft may have some info on it, as well. > 2) Does every http-response contain user`s username & > password when ntlm authentication is used? Yes, although (as Henrik pointed out) the browser sends the NTLM hash, not the password. Adam
