Wednesday, April 21, 2004

NTLM surprises

Having played around a little more with my NTLM implementation, which for the technically minded omits the LM or LMv2 packet, and just provides an NTLM v2 response, I find that against a standard IIS configuration requiring Integerated Windows Authentication, any user credentials - or none (domain\user and password both empty strings) - appear to work. So it was not surprising that my positive testing (my real credentials) received a 200 OK after I'd responded to the server challenge.

[Now playing - Noir - Snow]

No comments :