Re: New issue: Need for an HTTP request method registry

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Fri, 10 Aug 2007 16:10:49 +0200
To: Adrien de Croy <adrien@qbik.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <1186755049.21771.61.camel@henriknordstrom.net>

On fre, 2007-08-10 at 10:02 +1200, Adrien de Croy wrote:
> To use digest on a Windows platform you can't 
> auth against the Windows or AD user database unless you re-write that 
> database (since there's no conversion between one way hashes).  I can't 
> see MS doing that when they can and have just kludged NTLM into HTTP.  
> Is the fact that they had to kludge it in without support an indication 
> of a failing in HTTP?

MS AD supports Digest if you want. But it's not enabled by default due
to security concerns. Apparently this is because they then store the
plaintext password in the internal database and not the less sensitive
Digest H(A1) values (probably to avoid being dependent on the realms
used). Every existing user wanting to use Digest only needs to change
their password after this change to have the AD object updated with the
required password details.

Same for Novell eDirectory with its "universal password" support.

Regards
Henrik

Received on Friday, 10 August 2007 14:11:07 GMT
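The realm dependence of H(A1) mentioned in the message above, as an added example that is not part of the original post and is not code from any directory product: it follows the RFC 2617 MD5 `qop=auth` calculation, and the function names and the request dictionary layout are assumptions made for illustration. A server that stores only H(A1) can verify a response without the password, but only for the realm the hash was computed under; a server holding the plaintext can recompute H(A1) for any realm.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def h_a1(user: str, realm: str, password: str) -> str:
    # RFC 2617: A1 = username ":" realm ":" password
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # The response is derived from H(A1), never from the password directly.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def client_request(user, realm, password, method, uri, nonce, nc, cnonce):
    # What a client sends in its Authorization header (hypothetical dict layout).
    ha1 = h_a1(user, realm, password)
    return {"username": user, "realm": realm, "method": method, "uri": uri,
            "nonce": nonce, "nc": nc, "cnonce": cnonce,
            "response": digest_response(ha1, method, uri, nonce, nc, cnonce)}

def verify_with_stored_ha1(stored_ha1: str, req: dict) -> bool:
    # Directory stores H(A1) only: works for exactly one (user, realm) pair.
    expected = digest_response(stored_ha1, req["method"], req["uri"],
                               req["nonce"], req["nc"], req["cnonce"])
    return hmac.compare_digest(expected, req["response"])

def verify_with_plaintext(password: str, req: dict) -> bool:
    # Directory stores the password: H(A1) is recomputed for whatever realm
    # the request names, at the cost of keeping a more sensitive secret.
    return verify_with_stored_ha1(h_a1(req["username"], req["realm"], password), req)

if __name__ == "__main__":
    # Sample values from the RFC 2617 worked example; "other-realm" is constructed.
    args = ("GET", "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093",
            "00000001", "0a4f113b")
    stored = h_a1("Mufasa", "testrealm@host.com", "Circle Of Life")
    same = client_request("Mufasa", "testrealm@host.com", "Circle Of Life", *args)
    moved = client_request("Mufasa", "other-realm", "Circle Of Life", *args)
    print("stored H(A1), same realm :", verify_with_stored_ha1(stored, same))
    print("stored H(A1), new realm  :", verify_with_stored_ha1(stored, moved))
    print("plaintext,    new realm  :", verify_with_plaintext("Circle Of Life", moved))
```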