hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 19185] - NTLM Authentication Fails
Date Mon, 21 Apr 2003 21:35:46 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19185>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19185

NTLM Authentication Fails





------- Additional Comments From adrian@ephox.com  2003-04-21 21:35 -------
Oleg,
The NTLM challenge is mutable, however the start of the NTLM sequence is
indicated by:

WWW-Authenticate: NTLM

in which case the string will be empty and HttpMethodBase will store:
host:port:
into the hash map correctly.  When the second response is received it will not
match that string and HttpClient will continue the authentication process.  If
authentication fails at the second step, the server will reply with:
WWW-Authenticate: NTLM

again which will match what is in the realm hash map and authentication will
abort.  Additionally, the first response HttpClient sends in the auth process
contains the username, domain and host so it is not possible for a server to
expect authentication to work if it skips the first response after an
unsuccessful auth session.

In short, it's safe to use the entire NTLM challenge.

Mime
View raw message