Contact

admin

About Me · Send mail to the author(s) E-mail · Twitter

At GROSSWEBER we practice what we preach. We offer trainings for modern software technologies like Behavior Driven Development, Clean Code and Git. Our staff is fluent in a variety of languages, including English.

Feed Icon

Tags

Open Source Projects

Archives

Blogs of friends

Now playing [?]

Error retrieving information from external service.
Audioscrobbler/Last.fm

ClustrMap

Automatic NTLM Authentication in Firefox

Posted in Tools and Software | Browser at Friday, April 28, 2006 11:47 AM W. Europe Daylight Time

I didn't know this is possible, but Firefox actually supports automatic NTLM authentication for certain domains. Whereas there's a global setting in IE to enable Windows Integrated Authentication, you'll have to enable NTLM authentication in Firefox on a per-domain basis.

This is especially useful if you are browsing intranet sites using Firefox that require NTLM authentication. In this case Firefox will bug you with a username/password dialog when accessing the site unless the domain isn't whitelisted.

Firefox NTLM Settings

There are good reasons for explicit whitelisting:

By default, Mozilla rejects all SPNEGO challenges from a web server. This is to protect the user from the possibility of DNS-spoofing being used to stage a man-in-the-middle exploit (see bug 17578 for more info). Moreover, with Windows clients NTLM may be negotiated as the authentication protocol. So, it is paramount that the browser does not freely exchange NTLM user credentials with any server that requests them. The NTLM response includes a hash of the user's logon credentials. On older versions of Windows this hash is computed using a relatively weak algorithm (see Hertel for more info on NTLM authentication).

[Via Dare Obasanjo]

Now playing: Big Bud - Fear of flying - Rice'n'beans

Monday, December 22, 2008 7:05:28 AM (W. Europe Standard Time, UTC+01:00)
Thanks for this - fixed an intranet bugbear of mine
Luke
Wednesday, January 19, 2011 9:08:46 PM (W. Europe Standard Time, UTC+01:00)
Is there a way to add a wildcard value? I am on a large network with tons of server123.server.com and it would be impossible to add each value into the string.
Wednesday, January 19, 2011 9:15:13 PM (W. Europe Standard Time, UTC+01:00)
Yes, server.com will match server123.server.com.
All comments require the approval of the site owner before being displayed.
(will show your gravatar icon)
 
[Captcha]Enter the code shown (prevents robots):

Live Comment Preview