[OT] Digest authentication session key with ADS

Henrik Nordstrom hno at squid-cache.org
Tue Feb 24 13:57:39 GMT 2004

On Tue, 24 Feb 2004, Luke Howard wrote:

> As I recall, it is a generic (level 4) SAM logon, for the WDigest
> security package. 

To make life more interesting the way Digest is handled seems to be pretty
much redone between ADS 2000 and ADS 2003, or at least IIS 6 requires
completely different Digest configurations for the two, from what it
appears not using the Digest SSP for ADS 2000 but using some other Digest 

Investigations currently pending to find more details.

Also, we have not yet managed to convince IIS to perform MD5-Sess Digest
authentication, just plain MD5. It is only in MD5-Sess the interesting
session key exists allowing efficient integration with a backend
directory. Integration using MD5 Digest is not that interesting as a
roundtrip to the directory would be required on each and every request.


More information about the samba-technical mailing list