axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Woodward <>
Subject NTLM Authentication Limitations
Date Tue, 17 Jan 2006 19:11:51 GMT
Apologies for the intrusion, just wanted to pass on the following
in-case anyone runs across it.

We are using Axis to communicate with a windows web service that
requires NTLM authentication.  Everything was working super (thanks to
all the hard work everyone!), then we ran into a problem with one
particular user.

After much investigation, it turned out that this was because his
password was 15 characters.  NTLM v1 (used by Apache HttpClient) is
limited to 14 bytes for the password.  In the windows world this
doesn't cause a problem as the clients can use NTLMv2, but it means
that a java client must use credentials with less than 14 bytes to be
able to inter-operate.

Just thought I'd mention it.  It isn't a bug, more a known limitation
- but hard to diagnose from the symptoms.  It might be worth a patch
to throw an error if axis is passed credentials with greater than 14
bytes - let me know if you want me to submit this.




View raw message