Active TopicsActive Topics  Display List of Forum MembersMemberlist  CalendarCalendar  Search The ForumSearch  HelpHelp
  RegisterRegister  LoginLogin


 One Stop Testing ForumTypes Of Software Testing @ OneStopTestingFunctional Testing @ OneStopTesting

Message Icon Topic: Integrated Windows Authentication

Post Reply Post New Topic
Author Message
surabhi
Newbie
Newbie


Joined: 03Apr2007
Online Status: Offline
Posts: 1
Quote surabhi Replybullet Topic: Integrated Windows Authentication
    Posted: 04Apr2007 at 12:07am
Integrated Windows Authentication

Integrated Windows Authentication (IWA), formerly known as NTLM (NT LAN Manager), is a computer networking security protocol which operates in a variety of Microsoft Windows network protocols for authentication purposes.

Like certain other protocols, IWA sits on top of HTTP. Web-browsing software uses it as a single sign-on mechanism, so browsing users can transparently log-on to web services using their Microsoft Windows credentials.

Microsoft developed IWA, and it occurs mostly in Microsoft products, though other sets of software have implemented it as well, as in the Mozilla Firefox web-browser, the Apache web-server and the shell utility cURL.


The protocol
The protocol uses a challenge-response sequence requiring the transmission of three messages between the client (wishing to authenticate) and the server (requesting authentication):

1. The client first sends a Type 1 message containing a set of flags of features supported or requested (such as encryption key sizes, request for mutual authentication, etc.) to the server.
2. The server responds with a Type 2 message containing a similar set of flags supported or required by the server (thus enabling an agreement on the authentication parameters between the server and the client) and, more importantly, a random challenge (8 bytes).
3. Finally, the client uses the challenge obtained from the Type 2 message and the user's credentials to calculate the response. The calculation methods differ based on the NTLM authentication parameters negotiated previously, but in general they apply MD4/MD5 hashing algorithms and DES encryption to compute the response. The client then sends the response to the server in a Type 3 message.
_________________



Post Resume: Click here to Upload your Resume & Apply for Jobs

IP IP Logged
Post Reply Post New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum



This page was generated in 0.512 seconds.
Vyom is an ISO 9001:2000 Certified Organization

© Vyom Technosoft Pvt. Ltd. All Rights Reserved.

Privacy Policy | Terms and Conditions
Job Interview Questions | Placement Papers | Free SMS | Freshers Jobs | MBA Forum | Learn SAP | Web Hosting