MozillaZine

NTLM Authentication Available on Windows via SSPI

Monday March 31st, 2003

dave writes: "A patch for bug 159015 has recently landed. It adds NTLM authentication to Mozilla on Windows — very much needed by people using Mozilla to access corporate intranets. I think it deserves some publicity as it is a long awaited RFE and needs testing. Unfortunately this is Windows only." The reason it's Windows only is because the implementation uses Windows' own SSPI API.


#13 Re: SSPI?

by darinwf

Tuesday April 1st, 2003 12:19 PM

You are replying to this message

> (Winsspi.dll I assume)

security.dll ... and we dynamically load it. AFAIK it is available on most windows systems.

> use the current NT login session like IE does (no prompting for a proxy password)

mozilla currently will not automatically send your default NT logon because we felt that it is a bit of a security risk since any website can issue a NTLM challenge. IE6 happily sends your default logon to any webserver that asks for it. granted it only sends a hash of your password, but NTLM uses a relatively weak hashing algorithm (MD4), so this is not exactly a good thing. in the future we may alter mozilla to automatically send your default logon to proxy servers, but we would have to be very careful to ensure that we only do this when we know we are talking to a proxy server that the user configured.