hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roland Weber <ossf...@dubioso.net>
Subject Re: NTLMv2 in Apache HttpClient
Date Wed, 05 Mar 2008 17:26:29 GMT
Hi Cathy,

> I want to point out that everything I need to implement for our purposes
> doesn't need to be contributed back to Apache.  If you don't wish to see

"don't wish to see" is a bit more than I intended to express. I don't
think that the *HC* *repository* is the right place for such code. If
it's OK for you and IBM, you could for example attach that part of the
code to a JIRA issue, and we would point interested parties there. We
could also run the code through the IP clearance, so that other projects
at Apache can use it without further ado. In particular, I assume that
Harmony[1] could make good use of such a contribution. They have
to deal with native and platform specific code anyway, so that is not
an additional burden to them. Some IBMers are also active there.

[1] http://harmony.apache.org/

> the integrated Windows authentication, that can be something that I wrapper
> into my own implementation.  In that case, I would just contribute an
> NTLMv2 implementation in pure Java that would require a username, password,
> and domain to be entered.

That seems to be the best strategy to go forward. What you will
probably need is a plugin point where a hash is computed from the
username/password/domain data. Windows will not give you the
password in clear text, you'll only get the precomputed hash (iirc).
So the API needs to be callable with actual credentials, in which
case the hash is computed from the data. And it needs to be callable
without credentials, in which case the hash is obtained through a
native call. We can help you with the API design, but I won't be
able to contribute code in this area since I had a look at the
SUN Java code for NTLM authentication a few years ago. That doesn't
match the clean room requirements.

> IBM is usually pretty good about contributing back to open source.

Yes, processes obviously have improved a lot since I last had to do
with them. At the time, there was nothing short of starting a new
project worth several person-years that would have justified the
effort of getting the approval to contribute anything at all :-)

cheers,
   Roland


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message