On Mon, 13 Oct 2003, Ilya wrote:

> 1) In what format client passes username|password to squid when ntlm
> authentication is used? In http-header, in base64 coding?

Username is passed in plain text or UTF8 encoding inside a base64 blob of
the NTLMSSP message exchange. Password IS NOT passed.

> 2) Does every http-response contain user's username & password
> when ntlm authentication is used?

No. NTLM-over-http is not an HTTP authentication scheme, it only tries to
masquerade itself as looking like one at a first glance.

Regards
Henrik
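
Added example (not part of the original message and not Squid's code): a Python sketch that decodes the base64 NTLMSSP blob from an `NTLM` authorization header value and reads the user name out of the Type 3 message, following the field layout in MS-NLMP. The message carries only LM/NT challenge responses, never the password; the sample header is constructed with dummy response bytes, and cp437 as the OEM code page is an assumption.

```python
import base64
import struct

NEGOTIATE_UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE flag from MS-NLMP

def _field(msg, pos):
    """Read one security buffer descriptor (len, maxlen, offset) and return its bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_ntlm_header(value):
    """Parse the value of an (Proxy-)Authorization header that uses the NTLM scheme."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 12 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        return {"type": msg_type}  # Type 1 (negotiate) / Type 2 (challenge): no user name
    if len(msg) < 64:
        raise ValueError("truncated Type 3 message")
    (flags,) = struct.unpack_from("<I", msg, 60)
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"  # OEM page: assumption
    return {
        "type": 3,
        "domain": _field(msg, 28).decode(enc),
        "user": _field(msg, 36).decode(enc),
        "workstation": _field(msg, 44).decode(enc),
        "lm_response_len": len(_field(msg, 12)),  # challenge responses, not the password
        "nt_response_len": len(_field(msg, 20)),
    }

def build_sample_type3(user, domain, host):
    """Constructed sample: Type 3 message with dummy 24-byte responses (not real hashes)."""
    parts = [b"\x00" * 24, b"\x11" * 24, domain.encode("utf-16-le"),
             user.encode("utf-16-le"), host.encode("utf-16-le"), b""]
    header, payload = b"NTLMSSP\x00" + struct.pack("<I", 3), b""
    for p in parts:  # order: LM, NT, domain, user, workstation, session key
        header += struct.pack("<HHI", len(p), len(p), 64 + len(payload))
        payload += p
    header += struct.pack("<I", NEGOTIATE_UNICODE)  # flags at offset 60, payload at 64
    return "NTLM " + base64.b64encode(header + payload).decode("ascii")

SAMPLE = build_sample_type3("ilya", "EXAMPLE", "WS01")  # constructed values
print(parse_ntlm_header(SAMPLE))
```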
