#8 Proxy auth using current credenials

open
nobody
None
5
2006-10-06
2006-10-06
Anonymous
No

Is it possible to rewrite code so it will use
currently logged in user credentials in Windows? This
is usually done by calling AcquireCredentialsHandle
(for NTLM security package). Therefore it will be no
need of storing user name and passsword in cfg file.
This surely will lead you to making a separate version
of ntlmaps for Windows only.

Ntlmaps rocks! ;))

Discussion

  • Nobody/Anonymous

    Logged In: NO

    Something which I think WOULD be useful which would go
    partway to fulfilling this request would be to overwrite the
    plain text username/password with the appropriate hashes.

    So, the first time you open NTLM APS, if the plain text
    settings exist, then read them, calculate the hashes, store
    them and then delete the plain text versions.

    As the hashs are not DIRECTLY reversible to plain text, this
    should provide an adequate security system and still remain
    non proprietary (i.e. by having to use a windows only call).

    I'm not sure, yet, if the hashs remain for the duration of
    the session or are somehow different on a per request basis
    or what.

    Hopefully I can find out.

     

Log in to post a comment.