Requesting NTLM autontication ... !

  • Thread starter Thread starter John Smith
  • Start date Start date
J

John Smith

Hi All.

Assuming there exist 2 stations A and B, on the network

Is there anyway (programmatically) that an application running on station A
will send a NTLM autontication request to B so that B will send the NTLM
tokens information to A ?

Please, let me know if you need more clarifications.

Thanks in advance.
 
If you have clear the model of GSSAPI, you should be able to answer
yourself.

NTLM is a 3 leg authentication protocol.

The security context initiating the authentication (the client)
will request a 'SECBUFFER_TOKEN' from the security context,
then it will supply the token to the server, the server will return the
challenge,
and the client will have to aswer back to the challenge.
This is accomplished by the client generating the tokens with
InitiazeSecurityContext,
and the server generating the challenges via AcceptSecurityContext.

All of this is done 'under the cover' all the time you initiate
and authetication against a remote machine.
The actual buffers coming from the InitializeSecurityContext are
"embedded/encoded" in some protocol dependent format.
It could be the Authenticate header in HTTP with Windows Integrated
Security,
it could be the bind PDU for DCOM/RPC.
The challenge would come back in yet-one-other protocol dependet way,
like the bind_ack PDU for DCOM/RPC, and other headers for HTTP.
SMB/CIFS works this way as well.

I guess your question could have a better answer if some more
context is provided.
 
Back
Top