Return-Path: Mailing-List: contact commons-httpclient-dev-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list commons-httpclient-dev@jakarta.apache.org Received: (qmail 10910 invoked from network); 21 Apr 2003 21:33:44 -0000 Received: from exchange.sun.com (192.18.33.10) by daedalus.apache.org with SMTP; 21 Apr 2003 21:33:44 -0000 Received: (qmail 26463 invoked by uid 50); 21 Apr 2003 21:35:46 -0000 Date: 21 Apr 2003 21:35:46 -0000 Message-ID: <20030421213546.26462.qmail@nagoya.betaversion.org> From: bugzilla@apache.org To: commons-httpclient-dev@jakarta.apache.org Cc: Subject: DO NOT REPLY [Bug 19185] - NTLM Authentication Fails X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19185 NTLM Authentication Fails ------- Additional Comments From adrian@ephox.com 2003-04-21 21:35 ------- Oleg, The NTLM challenge is mutable, however the start of the NTLM sequence is indicated by: WWW-Authenticate: NTLM in which case the string will be empty and HttpMethodBase will store: host:port: into the hash map correctly. When the second response is received it will not match that string and HttpClient will continue the authentication process. If authentication fails at the second step, the server will reply with: WWW-Authenticate: NTLM again which will match what is in the realm hash map and authentication will abort. Additionally, the first response HttpClient sends in the auth process contains the username, domain and host so it is not possible for a server to expect authentication to work if it skips the first response after an unsuccessful auth session. In short, it's safe to use the entire NTLM challenge.