hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cathy L Kegley <ckeg...@us.ibm.com>
Subject Re: NTLMv2 in Apache HttpClient
Date Wed, 05 Mar 2008 20:16:44 GMT

Hi Roland,

Help with the APIs would be greatly appreciated.  I still need to review
the details of the Apache implementation of NTLMv1, but you are correct in
that I will need a plugin point where the hashes are computed.  Since your
mind is tainted from the Sun implementation, who can I work with to make
sure my solution is something both IBM and Apache are happy with?

To give you an idea of my time frame, I hope to have a working
implementation by the end of May or mid-June.  (Unless things go awry.)

Thanks!

Cathy Kegley


Lotus Expeditor Runtime Development
512.838.1229 (T/L: 678.1229)
ckegley@us.ibm.com


                                                                                         
                                                         
  From:       Roland Weber <ossfwot@dubioso.net>                                   
                                                               
                                                                                         
                                                         
  To:         HttpComponents Project <dev@hc.apache.org>                           
                                                               
                                                                                         
                                                         
  Date:       03/05/2008 11:25 AM                                                        
                                                         
                                                                                         
                                                         
  Subject:    Re: NTLMv2 in Apache HttpClient                                            
                                                         
                                                                                         
                                                         





Hi Cathy,

> I want to point out that everything I need to implement for our purposes
> doesn't need to be contributed back to Apache.  If you don't wish to see

"don't wish to see" is a bit more than I intended to express. I don't
think that the *HC* *repository* is the right place for such code. If
it's OK for you and IBM, you could for example attach that part of the
code to a JIRA issue, and we would point interested parties there. We
could also run the code through the IP clearance, so that other projects
at Apache can use it without further ado. In particular, I assume that
Harmony[1] could make good use of such a contribution. They have
to deal with native and platform specific code anyway, so that is not
an additional burden to them. Some IBMers are also active there.

[1] http://harmony.apache.org/

> the integrated Windows authentication, that can be something that I
wrapper
> into my own implementation.  In that case, I would just contribute an
> NTLMv2 implementation in pure Java that would require a username,
password,
> and domain to be entered.

That seems to be the best strategy to go forward. What you will
probably need is a plugin point where a hash is computed from the
username/password/domain data. Windows will not give you the
password in clear text, you'll only get the precomputed hash (iirc).
So the API needs to be callable with actual credentials, in which
case the hash is computed from the data. And it needs to be callable
without credentials, in which case the hash is obtained through a
native call. We can help you with the API design, but I won't be
able to contribute code in this area since I had a look at the
SUN Java code for NTLM authentication a few years ago. That doesn't
match the clean room requirements.

> IBM is usually pretty good about contributing back to open source.

Yes, processes obviously have improved a lot since I last had to do
with them. At the time, there was nothing short of starting a new
project worth several person-years that would have justified the
effort of getting the approval to contribute anything at all :-)

cheers,
   Roland


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org



Mime
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message