Re: IIS 5.0 with Integrated Window Authentication

[cc_mofo () hushmail com]

-----BEGIN PGP SIGNED MESSAGE-----

Thanks to everyone for the responses.  I've gotten APS up and running and it works as advertised, i.e. perfectly.  It 
does of course require that any tool that I use have proxy support (whisker just got proxy support with 2.0, and even 
then I don't have it working against APS yet).

I understand WebInspect might work, so I will try it once their license squad finishes working me over.

I'll take another look at SPIKE proxy for this at some point---last time I wound up in the weeds (code weeds, that is) 
trying to track down why/where it didn't work.

On Thu, 07 Nov 2002 11:35:23 -0800 Dave Aitel <dave () immunitysec com> wrote:
> Hmm. My basterdized SPIKE Proxy NTLM auth does, in fact, work through
> the proxy though.
>
> Client->SPIKE Proxy->Server
>
> Where Client is sending Proxy-Authorization, and SPIKE Proxy is
> translating that into Authorization: and sending it to the server
> and so
> on. I get access on IIS 5.0, at least.
>
>
> -dave
>
> On Wed, 6 Nov 2002 23:27:54 +0100
> Sebastian Flothow <sebastian () flothow de> wrote:
>
> > > The goofy three-message exchange that sets up the NTLM security
> > > doesn't seem to make it through the proxy,
> >
> > AFAIK, NTLM _can_ _not_ work through proxies, by design. It seems
> it
> > includes the client's IP address, which then doesn't match that
> of the
> > proxy (which is the client from the server's point of view), or
>
> > something similar.
> >
> >
> > Sebastian
> >
> > --
> > Sebastian Flothow
> > sebastian () flothow de
> > #include <stddisclaimer.h>
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlwEARECABwFAj3K2l4VHGNjX21vZm9AaHVzaG1haWwuY29tAAoJEDsVajchvitlG1UA
n3OnlWLqIPN1J6P7C7wSmyE+ar1oAKC3pdzrRnmMiNUI9p+by7xyLHJuNA==
=cZMw
-----END PGP SIGNATURE-----




Get your free encrypted email at https://www.hushmail.com