hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pankaj Arora" <PAro...@castiron.com>
Subject RE: FW: HttpClient authentication problem.
Date Fri, 18 May 2007 18:44:36 GMT
Hi,
So when is 4.0 expected and is there a chance that NTLM v2 is also implemented. As the authentication
guide states:
#

Cannot authenticate with Microsoft IIS using NTLM authentication scheme

NT Lan Manager (NTLM) authentication is a proprietary, closed challenge/response authentication
protocol for Microsoft Windows. Only some details about NTLM protocol are available through
reverse engineering. HttpClient provides limited support for what is known as NTLMv1, the
early version of the NTLM protocol. HttpClient does not support NTLMv2 at all.

Workaround: Disable NTLMv2. For details refer to this Microsoft Support Article


I would like to use NTLM v 2.0 would be great if this can be added as well.

Thanks,
Pankaj Arora


-----Original Message-----
From: Roland Weber [mailto:ossfwot@dubioso.net]
Sent: Fri 5/18/2007 11:10 AM
To: HttpComponents Project
Subject: Re: FW: HttpClient authentication problem.
 
Hi Odi,

> I would actually consider this a security issue in the connection
> managers: It may hand out an already authenticated connection to an
> unsuspecting client. We should add fields to HttpConnection that keep
> track of the credentials for connection oriented AuthSchemes. So
> connection managers can take this into account. Also the connection
> managers lack a parameter in the getConnection methods that carries
> authentication information for connection based auth schemes.

It's on my list for 4.0, though it won't make it into client alpha1:
http://wiki.apache.org/jakarta-httpclient/ConnectionManagementDesign
It's not urgent since we won't have NTLM support for a while.

I don't think we can or should squeeze this into 3.x anymore.

cheers,
  Roland

---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org




Mime
View raw message