May 24, 2003

NTLM the way?

Microsoft's IIS server admins sometimes use the proprietary NTLM authentication method to provide username:password protection for web directories. Sadly, as a non-standard and undocumented scheme, current non-Microsoft browser users can't access directories protected in this manner, which puts a bit of a crimp in your cross-platform testing strategy.

Apparently it is not in Microsoft's interest to use a standards-based method to authenticate non-Microsoft using site visitors, so challengers have reverse-engineered NTLM and are beginning to provide browsers that can authenticate to IIS servers.

Apple's Safari beta speaks NTLM, although not enough to provide domain information. The recently released Mozilla 1.4 beta is the first Mozilla-based browser to support NTLM authentication. The next version of Netscape reported will be based on the Mozilla 1.4 branch, bringing compatibility to a somewhat wider audience.

For an interesting read on the Mozilla project's efforts to implement cross-platform NTLM support, check out the Bugzilla report: NTLM auth for HTTP.

If you have a machine that can run Python, then Dmitry Rozmanov has written a NTLM Authorization Proxy Server that may allow your remaining and legacy browsers to authenticate to such servers. Haven't had a chance to test this myself, but found it referenced in the above Bugzilla report. Sounds like it could be a workaround for when you or your clients just have to use NTLM.

Posted by Lewis Francis at May 24, 2003 4:49 PM

Have you found that NTLM Authentication is supported in Mozilla for OS X? The readme seems to indicate that this is only supported for Win32. I have just upgraded Safari to the release version and now the only browser that works on my system with NTLM authentication is IE. Safari and Camino now, (they did before I did the upgrade) do not present a dialog box for authentication to the proxy server. At home, without a proxy server, between me and then Internet, all my browers work. I was thinking that the code contained in the Safari browser update effected key pieces of the OS that in turn effected the other borwsers ability to use NTLM authentication.

Your thoughts?

Posted by: Mike at July 15, 2003 3:03 PM

Hey Mike, sorry, but I don't have recent experience with authenticating proxy servers. Have you checked your Proxies tab in the System Prefs Network pane to see if your proxy configuration is correct?

Posted by: Lewis Francis at July 15, 2003 3:10 PM
TrackBack URL for this entry:

Listed below are links to weblogs that reference 'NTLM the way?' from Information Gift.
Post a comment

Remember personal info?

Voigt-Kampf verification (needed to reduce spam):