aw at ice-sa
Apr 4, 2012, 12:49 AM
Post #8 of 9
William A. Rowe Jr. wrote:
> On 3/30/2012 1:56 AM, Dami Laurent (PJ) wrote:
>>> -----Message d'origine-----
>>> De : André Warnier [mailto:aw [at] ice-sa]
>>>> I was considering forking the module and fixing bugs like these, but I
>>>> am not quite sure how much sense that makes given the fact that NTLM is
>>>> deprecated technology.
>>> Huh ? Who said that ? To my knowledge, 99% of large corporations use NTLM
>>> (Windows Domain
>>> Authentication) as their basic AAA mechanism.
> Well, NTLM was DoA. It is isn't HTTP compatible (0.9, 1.0 or 1.1). HTTP is stateless, MS
> NTLM presumes a stateful connection.
>> For the future, the way to go is Kerberos; this is what Microsoft is pushing in replacement for NTLM.
I agree with all of the above, and NTLM is a p.i.t.a.
Nevertheless, I have quite a few large international companies as customers, and all of
them, today, are still using variations of NTLM. Most of them now NTLMv2 as default, but
many of them still support NTLMv1, for legacy reasons.
In most of them, there is still a significant number of workstations and servers which run
OS versions which do not support anything else, and/or application software ditto.
What MS is pushing is one thing (if anything, they need to sell more new OS licenses);
what customers really do is not necessarily the same.