[Typo3-dev] S: Sponsoring Windows authentification in TYPO3
Hans J. Martin
hans-jakob.martin at gmx.net
Tue Aug 31 13:51:04 CEST 2004
> So this extension does _not_ provide _any_ authentification.
> NTLM and/or Kerberos authentification must use the authentification server
> (ADS for example).
Yes, you're right. This is why the extension is set to experimental. See
this just as an example of how to get the browser to send the ntlm packets.
Moreover there is no need to sniff the packets - just logon in windows with
an existing FE_user and any password and you're in...
As I stated before this should be seen as starting point. Further
development shoud implement encryptioin of stored password. In this way you
can create a random nonce which you send to the browser and compare the
returned hashes with the generated ones.
Or maybe you can make a kind of proxy - like samba and squid - to make an
real authetication with an authentification server...there are many
possibilities.
So please don't worry about security in this extension as it _is_ just a
starting point and maybe just to proof that you can get the NTLM thing with
typo3 :-)
Rgds,
hans
More information about the TYPO3-dev
mailing list