hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 38072] New: - Http Client: NTLM Authorization does not work with servers that require NTLM response in the authorization
Date Thu, 29 Dec 2005 16:45:29 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38072>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38072

           Summary: Http Client: NTLM Authorization does not work with
                    servers that require NTLM response in the authorization
           Product: HttpClient
           Version: 3.0 RC4
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HttpAuth
        AssignedTo: httpclient-dev@jakarta.apache.org
        ReportedBy: twaisel@mercury.com


I've tried to get http client to use NTLM authentication 
or Proxy Authentication with NTLM (for the proxy, not the server),
In both cases I see that in the Authorization/Proxy Authorization header, 
only the LAN Manager response is sent and not the NTLM response (I've seen this 
in a sniffer and in the code itself, see below).
This will not work with servers that their security settings does not allow 
this, 
Some require NTLM and do not allow to receive only LM. (NTLM is more secure).

I've looked at the NTLM.java class (In org.apache.commons.httpclient), 
and looks like it really does not send the NTLM response on purpose
(It sets its length to zero).

To check the security settings in windows go to:
Control Panel -> Administrative Tools ->
Local Security Policy -> Local Policies ->
Security Options -> LAN Manager authentication Level

Note that Domain settings override local settings

Is there a way to make it work? (Assuming I can't force the server to accept 
LAN Manager response only),
And if not, is it planned to be supported in the http client?

Thanks,
Tali.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message