Re: Capturing Windows Login Name



Manuel Lemos wrote:
on 02/03/2008 05:19 PM Jerry Stuckle said the following:
NTLM is a more secure authentication protocol than Basic because
passwords are never sent to the server and it saves the users from the
annoyance of typing their user names and passwords again.

I am well aware of how it works because I implemented the SASL PHP
library, that among other protocols supports NTLM.

http://www.phpclasses.org/sasl

So what? I'm quite aware how it works, also.

It is used by HTTP, POP3, SMTP client classes to access servers of these
protocols under Intranets that require NTLM authentication:

http://www.phpclasses.org/httpclient

http://www.phpclasses.org/pop3class

http://www.phpclasses.org/smtpclass

Gee, more of your lame classes?

I have a hard time understanding why you need to be so hostile and
depart to personal insult against a person that did nothing against you.

I just presented examples on which NTLM authentication is used. I do not
use Windows. I just use Linux, but I studied NTLM and other
authentication protocols in depth to add support to them by request of
the users of those classes.

It is not really relevant, but those classes are quite popular and well
rated as you may check in Freshmeat. Regardless of what you think, they
address needs of many tens of thousands of PHP developers.

And there are thousands of programmers who depend on register_globals,
short_open_tags and insecure formmail scripts. Popularity does not
indicate quality.

You conveniently ignored the fact that I said those classes are also
well rated.


So? That means nothing until you qualify the raters.

Many PHP developers know the quality of my work. I don't need to prove
it here. But coincidentally, I was recently invited to speak in the Zend
Developer zone in one of their podcasts. It was just released and it
talks precisely about one of the classes I mentioned above.


Yep, I've heard from others about the 'quality' of your work.

And so you were invited to talk in the Zend Developer Zone? Over the years I've been asked to speak at many different forums. Big deal.

http://devzone.zend.com/article/3049-PHP-Abstract-Podcast-Episode-34-Streams-Abstraction

The transcript is here:

http://www.phpclasses.org/blog/post/74-A-PHP-killer-feature--Streams-abstraction.html

Please be serious, trying to humiliate me and minimize the quality of
my work in a public forum like this, only speaks against your
credibility and reputation. If you value your reputation and credibility
you may want to rethink what you say against others.


No, I'm not trying to humiliate you. I'm just telling you that not everyone shares your own image of your work. And the more you defend it, the less it must be worth.


Seeing you calling them lame, I assume that you either do not know the
classes and/or just want again to turn a pure technical thread into a
personal attack full of free insults from your part.

You're the one who brought them up as examples of your "proficiency".
You don't like my opinion of them? Guess what. Tough tootsies.

I (and probably anybody else here) do not care about your opinion when
your intention is to be hostile and minimize my work based on ill
feelings from you just like you expressed. If you don't know how to
respect and disagree with people without being hostile, it is not going
to be me that is going to teach you. Hate speech and hostility from you
or anybody, for me is end of thread.


This has nothing at all to do with ill feelings. This has everything to do with your claims about your "abilities" not being shared by all - especially some very experienced programmers.


Anyway, if trying to insult me is your intention, never mind, I am not
going to follow-up. If you insist with the insulting tone, rest assured
that I will leave you talking to the walls.



If the authentication succeeds, the server allows the access of whatever
page (including PHP scripts).

This is a multi-step protocol. The user name is only passed to the
server in the last step, if the previous steps succeed.

The idea is to not make the user enter the same password again to access
a site under the same Windows controller domain, after he has logged on to
his Windows machine account that belongs to the same Windows domain.

But it cannot be done by any website to any computer with no control by
the user.

I never said it could.


You intimated that any browser would pass along your logon name to any
website which requested it. And I'm saying this is NOT the case.

No, if you read me again you may notice that I explained "This is a
multi-step protocol. The user name is only passed to the server in the
last step, if the previous steps succeed."

That's correct. But you never iterated exactly what those steps are,
did you? Leaving people to assume that they can get the logon id from
any system.

That is just you jumping to conclusions about something I never said.



Nope, that's YOU leaving out very important information.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
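
The multi-step exchange discussed in this thread, seen from the server side, as an added example that is not code from either poster or from the classes linked above. It decodes the client's `Authorization: NTLM` headers and shows that the Type 1 message has no user name field while the Type 3 message carries user and domain; the Type 2 challenge travels the other way, in the server's `WWW-Authenticate` header. The function names, the sample user `alice` and domain `CORP`, and the `cp437` OEM fallback are assumptions, and the sample messages are constructed with zeroed responses.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # payload strings are UTF-16LE when set

def _field(msg, pos):
    """Read the security buffer (len, maxlen, offset) at pos; return its bytes."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_authorization(header_value):
    """Return (message_type, user, domain); user/domain are None before Type 3."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        return msg_type, None, None  # Type 1 carries no user name field
    if len(msg) < 64:
        raise ValueError("truncated Type 3 message")
    (flags,) = struct.unpack_from("<I", msg, 60)
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"  # OEM page assumed
    return msg_type, _field(msg, 36).decode(enc), _field(msg, 28).decode(enc)

def build_type1():
    """Constructed Type 1: flags plus empty domain and workstation buffers."""
    empty = struct.pack("<HHI", 0, 0, 32)
    return SIGNATURE + struct.pack("<II", 1, NEGOTIATE_UNICODE) + empty * 2

def build_type3(user, domain):
    """Constructed Type 3 with zeroed 24-byte responses (not a valid proof)."""
    parts = [bytes(24), bytes(24), domain.encode("utf-16-le"),
             user.encode("utf-16-le"), b"", b""]
    fields, payload, off = b"", b"", 64
    for p in parts:
        fields += struct.pack("<HHI", len(p), len(p), off)
        payload += p
        off += len(p)
    return (SIGNATURE + struct.pack("<I", 3) + fields
            + struct.pack("<I", NEGOTIATE_UNICODE) + payload)

def as_header(msg):
    """Wrap raw message bytes as an Authorization header value."""
    return "NTLM " + base64.b64encode(msg).decode("ascii")
```

The user name decoded from a Type 3 message is only a claim until the challenge response has been verified, so a server should not treat it as an authenticated identity on its own.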
