Firefox and IIS

Discussion in 'NZ Computing' started by SchoolTech, Feb 20, 2006.

  1. SchoolTech

    SchoolTech Guest

    FF 1.5 for Windows doesn't appear to support Integrated Windows
    Authentication (NTLM). That is, when a site asks for it, FF instead pops
    up the username/password dialog, when it is supposed to transmit the
    user's login name directly back to the server.

    Has anyone else encountered this or are there any fixes planned.
     
    SchoolTech, Feb 20, 2006
    #1
    1. Advertising

  2. On Tue, 21 Feb 2006 09:27:54 +1300, SchoolTech wrote:

    > FF 1.5 for Windows doesn't appear to support Integrated Windows
    > Authentication (NTLM). That is, when a site asks for it, FF instead pops
    > up the username/password dialog, when it is supposed to transmit the
    > user's login name directly back to the server.
    >
    > Has anyone else encountered this or are there any fixes planned.


    Why fix something that isn't broken?


    A Nice Cup of Tea

    --
    Buffer overflow attacks. By flooding a program with too much data, a hacker
    can track and manipulate the overflow and trick the system into following his
    instructions as if he were the sysadmin. The technique has been known for
    decades, yet Microsoft still hasn't come up with a way to defend against it.
     
    A Nice Cup of Tea, Feb 20, 2006
    #2
    1. Advertising

  3. SchoolTech

    Fred Dagg Guest

    On Tue, 21 Feb 2006 09:27:54 +1300, SchoolTech
    <> exclaimed:

    >FF 1.5 for Windows doesn't appear to support Integrated Windows
    >Authentication (NTLM). That is, when a site asks for it, FF instead pops
    >up the username/password dialog, when it is supposed to transmit the
    >user's login name directly back to the server.
    >
    >Has anyone else encountered this or are there any fixes planned.


    You're half correct. Firefox DOES support NTLM authentication, however
    does require you to enter your username and password.

    Only IE supports fully integrated NTLM authentication.

    Note that Opera does not support NTLM in any way, shape, or form, so
    Firefox's approach is better than nothing.

    What are you accessing? In many cases (eg sharepoint, etc), you really
    need to use IE to get the most out of it, anyway.
     
    Fred Dagg, Feb 20, 2006
    #3
  4. SchoolTech

    Stuart Guest

    "SchoolTech" <> wrote in message
    news:43fa2625$...
    > FF 1.5 for Windows doesn't appear to support Integrated Windows
    > Authentication (NTLM). That is, when a site asks for it, FF instead pops
    > up the username/password dialog, when it is supposed to transmit the
    > user's login name directly back to the server.
    >
    > Has anyone else encountered this or are there any fixes planned.


    You can do this in FF. Go to about:config (type it in the address bar), and
    filter the properties by "ntlm". Change
    network.automatic-ntlm-auth.trusted-uris to include every URL you want NTLM
    to be enabled for.

    Stuart
     
    Stuart, Feb 21, 2006
    #4
  5. A Nice Cup of Tea wrote:
    > Why fix something that isn't broken?
    >
    >
    > A Nice Cup of Tea
    >
    > --
    > Buffer overflow attacks. By flooding a program with too much data, a hacker
    > can track and manipulate the overflow and trick the system into following his
    > instructions as if he were the sysadmin. The technique has been known for
    > decades, yet Microsoft still hasn't come up with a way to defend against it.


    Have any general purpose Operating Systems come up with a way to defend
    against Buffer Overflows? yet?
     
    Nathan Mercer, Feb 21, 2006
    #5
  6. SchoolTech

    Fred Dagg Guest

    On 21 Feb 2006 03:53:44 -0800, "Nathan Mercer" <>
    exclaimed:

    >A Nice Cup of Tea wrote:
    >> Why fix something that isn't broken?
    >>
    >>
    >> A Nice Cup of Tea
    >>
    >> --
    >> Buffer overflow attacks. By flooding a program with too much data, a hacker
    >> can track and manipulate the overflow and trick the system into following his
    >> instructions as if he were the sysadmin. The technique has been known for
    >> decades, yet Microsoft still hasn't come up with a way to defend against it.

    >
    >Have any general purpose Operating Systems come up with a way to defend
    >against Buffer Overflows? yet?


    Don't try to confuse him with facts, Nathan!
     
    Fred Dagg, Feb 21, 2006
    #6
  7. SchoolTech

    SchoolTech Guest

    A Nice Cup of Tea wrote:
    > On Tue, 21 Feb 2006 09:27:54 +1300, SchoolTech wrote:
    >
    >> FF 1.5 for Windows doesn't appear to support Integrated Windows
    >> Authentication (NTLM). That is, when a site asks for it, FF instead pops
    >> up the username/password dialog, when it is supposed to transmit the
    >> user's login name directly back to the server.
    >>
    >> Has anyone else encountered this or are there any fixes planned.

    >
    > Why fix something that isn't broken?


    It is broken. The browser sends the wrong header back to the server,
    which can't authenticate the request.
     
    SchoolTech, Feb 21, 2006
    #7
  8. SchoolTech

    SchoolTech Guest

    Nathan Mercer wrote:
    > A Nice Cup of Tea wrote:
    >> Why fix something that isn't broken?
    >>
    >>
    >> A Nice Cup of Tea
    >>
    >> --
    >> Buffer overflow attacks. By flooding a program with too much data, a hacker
    >> can track and manipulate the overflow and trick the system into following his
    >> instructions as if he were the sysadmin. The technique has been known for
    >> decades, yet Microsoft still hasn't come up with a way to defend against it.

    >
    > Have any general purpose Operating Systems come up with a way to defend
    > against Buffer Overflows? yet?
    >


    It is not a function of the operating system. It is a function of the
    programming language used. C doesn't contain built in type length
    checking, so if the programmer doesn't implement such checks, buffer
    overruns can occur.

    Buffer overruns have also been found in Mozilla software.
     
    SchoolTech, Feb 21, 2006
    #8
  9. SchoolTech

    SchoolTech Guest

    Fred Dagg wrote:
    > On Tue, 21 Feb 2006 09:27:54 +1300, SchoolTech
    > <> exclaimed:
    >
    >> FF 1.5 for Windows doesn't appear to support Integrated Windows
    >> Authentication (NTLM). That is, when a site asks for it, FF instead pops
    >> up the username/password dialog, when it is supposed to transmit the
    >> user's login name directly back to the server.
    >>
    >> Has anyone else encountered this or are there any fixes planned.

    >
    > You're half correct. Firefox DOES support NTLM authentication, however
    > does require you to enter your username and password.
    >
    > Only IE supports fully integrated NTLM authentication.
    >
    > Note that Opera does not support NTLM in any way, shape, or form, so
    > Firefox's approach is better than nothing.
    >
    > What are you accessing? In many cases (eg sharepoint, etc), you really
    > need to use IE to get the most out of it, anyway.


    Yeah I guess this work PC will have IE7 beta put on it.
     
    SchoolTech, Feb 21, 2006
    #9
  10. On Wed, 22 Feb 2006 11:33:33 +1300, SchoolTech wrote:

    >>> Has anyone else encountered this or are there any fixes planned.

    >>
    >> Why fix something that isn't broken?

    >
    > It is broken. The browser sends the wrong header back to the server, which
    > can't authenticate the request.


    It... is... not... "broken". Try configuring it correctly.


    A Nice Cup of Tea

    --
    A: because it messes up threading
    Q: why should I not reply by top-posting?
    A: No.
    Q: Should I include quotations after my reply?
     
    A Nice Cup of Tea, Feb 22, 2006
    #10
  11. SchoolTech

    AD. Guest

    Does your newsserver have Stuarts post on it? It doesn't sound like you
    saw it.

    The one explaining how to configure the list of trusted servers that it
    will use transparent authentication for. Firefox can do transparent
    NTLM - I tihnk it can also do transparent SPNEGO GSSAPI stuff too (I
    haven't tested that yet).

    --
    Cheers
    Anton
     
    AD., Feb 22, 2006
    #11
  12. SchoolTech

    SchoolTech Guest

    On Wed, 22 Feb 2006 13:55:18 +1300, A Nice Cup of Tea <> wrote:

    >On Wed, 22 Feb 2006 11:33:33 +1300, SchoolTech wrote:
    >
    >>>> Has anyone else encountered this or are there any fixes planned.
    >>>
    >>> Why fix something that isn't broken?

    >>
    >> It is broken. The browser sends the wrong header back to the server, which
    >> can't authenticate the request.

    >
    >It... is... not... "broken". Try configuring it correctly.


    Really...............................
    Do............................you.....................have.......................any..........................idea....................at.......................all.......................how.........................long...................it.........................would....................take...................to.......................configure.........................every........................browser..........................installation.....................on......................every........................PC........................on.........................a........................network?......................What.....................a.........................stupid..............................idea.
     
    SchoolTech, Feb 23, 2006
    #12
  13. On Thu, 23 Feb 2006 13:52:43 +1300, SchoolTech wrote:

    > On Wed, 22 Feb 2006 13:55:18 +1300, A Nice Cup of Tea <> wrote:
    >
    >>On Wed, 22 Feb 2006 11:33:33 +1300, SchoolTech wrote:
    >>
    >>>>> Has anyone else encountered this or are there any fixes planned.
    >>>>
    >>>> Why fix something that isn't broken?
    >>>
    >>> It is broken. The browser sends the wrong header back to the server,
    >>> which can't authenticate the request.

    >>
    >>It... is... not... "broken". Try configuring it correctly.

    >
    > Really...............................
    > <overlength line snipped>


    Yes. Easily.

    Use a shell script to make the appropriate change to the user's config
    file.

    The other option is to deploy a version of Firefox that has your custom
    setting already set.

    The default settings are good default settings.


    A Nice Cup of Tea

    --
    A: because it messes up threading
    Q: why should I not reply by top-posting?
    A: No.
    Q: Should I include quotations after my reply?
     
    A Nice Cup of Tea, Feb 23, 2006
    #13
  14. SchoolTech

    Dave Doe Guest

    In article <>,
    says...
    > On Wed, 22 Feb 2006 13:55:18 +1300, A Nice Cup of Tea <> wrote:
    >
    > >On Wed, 22 Feb 2006 11:33:33 +1300, SchoolTech wrote:
    > >
    > >>>> Has anyone else encountered this or are there any fixes planned.
    > >>>
    > >>> Why fix something that isn't broken?
    > >>
    > >> It is broken. The browser sends the wrong header back to the server, which
    > >> can't authenticate the request.

    > >
    > >It... is... not... "broken". Try configuring it correctly.

    >
    > Really...............................
    > Do............................you.....................have.......................any..........................idea....................at.......................all.......................how.........................long...................it.........................would....................take...................to.......................configure.........................every........................browser..........................installation.....................on.......

    ................every........................PC........................on.........................a........................network?......................What.....................a.........................stupid..............................idea.

    If it's Windows Server - about five minutes to configure Group Policy in
    an OU in AD (for IE :)

    --
    Duncan
     
    Dave Doe, Feb 23, 2006
    #14
  15. T'was the Thu, 23 Feb 2006 22:43:24 +1300 when I remembered Dave Doe
    <> saying something like this:

    >If it's Windows Server - about five minutes to configure Group Policy in
    >an OU in AD (for IE :)


    Would it not be possible to include a batch file that modified the
    Firefox config file for each user as they logged in?

    Then again, it's another batch file to run at login.
    --
    Cheers,

    Waylon Kenning.
    See my blog at http://spaces.msn.com/WaylonKenning/
     
    Waylon Kenning, Feb 23, 2006
    #15
  16. SchoolTech

    Fred Dagg Guest

    On Thu, 23 Feb 2006 13:52:43 +1300, SchoolTech
    <> exclaimed:

    >On Wed, 22 Feb 2006 13:55:18 +1300, A Nice Cup of Tea <> wrote:
    >
    >>On Wed, 22 Feb 2006 11:33:33 +1300, SchoolTech wrote:
    >>
    >>>>> Has anyone else encountered this or are there any fixes planned.
    >>>>
    >>>> Why fix something that isn't broken?
    >>>
    >>> It is broken. The browser sends the wrong header back to the server, which
    >>> can't authenticate the request.

    >>
    >>It... is... not... "broken". Try configuring it correctly.

    >
    >Really...............................


    <stupidity snipped>

    About 5 minutes.

    If you can't figure out how, you shouldn't be a network techie, even
    for schools...
     
    Fred Dagg, Feb 23, 2006
    #16
  17. SchoolTech

    SchoolTech Guest

    On Fri, 24 Feb 2006 02:30:15 +1300, Fred Dagg <>
    wrote:

    >On Thu, 23 Feb 2006 13:52:43 +1300, SchoolTech
    ><> exclaimed:
    >
    >>On Wed, 22 Feb 2006 13:55:18 +1300, A Nice Cup of Tea <> wrote:
    >>
    >>>On Wed, 22 Feb 2006 11:33:33 +1300, SchoolTech wrote:
    >>>
    >>>>>> Has anyone else encountered this or are there any fixes planned.
    >>>>>
    >>>>> Why fix something that isn't broken?
    >>>>
    >>>> It is broken. The browser sends the wrong header back to the server, which
    >>>> can't authenticate the request.
    >>>
    >>>It... is... not... "broken". Try configuring it correctly.

    >>
    >>Really...............................

    >
    ><stupidity snipped>
    >
    >About 5 minutes.
    >
    >If you can't figure out how, you shouldn't be a network techie, even
    >for schools...


    You dont get it do you.
    We don't have to configure IE at all.
    And MS supports its configuration in group policy.
    That means IE is better
    I am the only one who uses FF
    But now IE7 is almost as good we will use that instread.
     
    SchoolTech, Feb 24, 2006
    #17
  18. SchoolTech

    Fred Dagg Guest

    On Fri, 24 Feb 2006 20:43:57 +1300, SchoolTech
    <> exclaimed:

    >>>>> It is broken. The browser sends the wrong header back to the server, which
    >>>>> can't authenticate the request.
    >>>>
    >>>>It... is... not... "broken". Try configuring it correctly.
    >>>
    >>>Really...............................

    >>
    >><stupidity snipped>
    >>
    >>About 5 minutes.
    >>
    >>If you can't figure out how, you shouldn't be a network techie, even
    >>for schools...

    >
    >You dont get it do you.
    >We don't have to configure IE at all.


    Ay? It should be configured in a school environment. It should be
    locked right down.

    >And MS supports its configuration in group policy.
    >That means IE is better


    Does it now? That's a pretty bold ascertion.

    >I am the only one who uses FF
    >But now IE7 is almost as good we will use that instread.


    You really are a fool if you are using BETA software in a production
    environment. Unfortunately it is your client's that will have to pay
    the price, but hopefully some of them will realise just how stupid a
    move that is.
     
    Fred Dagg, Feb 24, 2006
    #18
  19. On Fri, 24 Feb 2006 20:43:57 +1300, SchoolTech wrote:

    >>If you can't figure out how, you shouldn't be a network techie, even for
    >>schools...

    >
    > You dont get it do you.
    > We don't have to configure IE at all.


    That's because, TaDuh, Micro$oft creates both IE AND IIS; and both of them
    are as secure as water passing through a cullinder(sp?).


    > And MS supports its configuration in
    > group policy. That means IE is better


    No - that means Micro$oft wrote IE and is not interested in making it easy
    for people to use any software other than Micro$oft's software.


    A Nice Cup of Tea

    --
    Every major worm other than the original Morris Worm from 1988 has leveraged
    a hole in Microsoft products.
     
    A Nice Cup of Tea, Feb 24, 2006
    #19
  20. SchoolTech

    SchoolTech Guest

    On Fri, 24 Feb 2006 21:03:12 +1300, A Nice Cup of Tea <> wrote:

    >On Fri, 24 Feb 2006 20:43:57 +1300, SchoolTech wrote:
    >
    >>>If you can't figure out how, you shouldn't be a network techie, even for
    >>>schools...

    >>
    >> You dont get it do you.
    >> We don't have to configure IE at all.

    >
    >That's because, TaDuh, Micro$oft creates both IE AND IIS; and both of them
    >are as secure as water passing through a cullinder(sp?).


    Never heard of a cullinder
    Is that made of solid metal?

    MS has put a huge effort into security in recent times and it can be
    seem in the type of products now being offered by them e.g. a server
    core with no Gui.

    >
    >
    >> And MS supports its configuration in
    >> group policy. That means IE is better

    >
    >No - that means Micro$oft wrote IE and is not interested in making it easy
    >for people to use any software other than Micro$oft's software.


    For *anything* that runs on Windows platform a template can be
    provided in group policy/system policy to enable setting to be
    configured.

    Hiwever most third party stuff seems to use their own config or not
    bother at all

    I use FF but where have the FF people bothered to look at unattended
    setup and configuring multiple machines all at once on a network

    Only very recently has even a helpfile been available in FF releases
     
    SchoolTech, Feb 25, 2006
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. root
    Replies:
    1
    Views:
    586
  2. Session
    Replies:
    2
    Views:
    492
  3. serge calderara

    IIS configuration and security

    serge calderara, Dec 8, 2003, in forum: MCSE
    Replies:
    1
    Views:
    422
    Andrew Lomakin
    Dec 9, 2003
  4. moe_rodrigue

    IIS 6.0 win2003, IIS users

    moe_rodrigue, Apr 1, 2004, in forum: MCSE
    Replies:
    1
    Views:
    1,084
    MikeF
    Apr 1, 2004
  5. Galpersonal
    Replies:
    8
    Views:
    1,048
    universal4
    Aug 13, 2006
Loading...

Share This Page