hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1139) NTLM Authentication No Longer Working In Latest Release
Date Mon, 24 Oct 2011 19:44:33 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1139?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13134409#comment-13134409
] 

Oleg Kalnichevski commented on HTTPCLIENT-1139:
-----------------------------------------------

As I suspected 

---
DEBUG[pool-1-thread-1] (AbstractAuthenticationHandler.java:151) - Authentication schemes in
the order of preference: [negotiate, NTLM, Digest, Basic]
DEBUG[pool-1-thread-1] (AbstractAuthenticationHandler.java:161) - negotiate authentication
scheme selected
DEBUG[pool-1-thread-1] (NegotiateScheme.java:316) - Received challenge '' from the auth server
DEBUG[pool-1-thread-1] (DefaultRequestDirector.java:1196) - Authorization challenge processed
DEBUG[pool-1-thread-1] (DefaultRequestDirector.java:1224) - Authentication scope: NEGOTIATE
<any realm>@192.168.3.44:80
DEBUG[pool-1-thread-1] (DefaultRequestDirector.java:1231) - Found credentials
DEBUG[pool-1-thread-1] (NegotiateScheme.java:179) - init 192.168.3.44
ERROR[pool-1-thread-1] (RequestTargetAuthentication.java:113) - Authentication error: Invalid
name provided (Mechanism level: Could not load configuration file C:\Windows\krb5.ini (The
system cannot find the file specified))
---

HttpClient 4.1.2 picks the SPNEGO/Kerberos auth scheme over NTLM, which apparently has not
been properly set up. You basically have three options here
(1) Setup SPNEGO/Kerberos
(2) Unregister the Negotiate scheme altogether
(3) Modify auth scheme order of preference to make HttpClient pick NTLM over SPNEGO/Kerberos.

Oleg


 

                
> NTLM Authentication No Longer Working In Latest Release
> -------------------------------------------------------
>
>                 Key: HTTPCLIENT-1139
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1139
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.2
>         Environment: testing on Windows x64, using SharePoint 2010 as a test server that
accepts NTLM auth
>            Reporter: Jeff Nadler
>             Fix For: 4.2 Alpha1
>
>         Attachments: HttpClient4.0.3-NTLMWire, HttpClient4.1.2-NTLMWire
>
>
> Our application has been working fine using NTLM auth with HttpClient for 3 years.  
We were most recently on 4.0.3.    Upon upgrading to 4.1.2, NTLM stopped working.
> I tried both the new for 4.1 built-in NTLM and the "old way" of using JCIFS: client.getAuthSchemes().register("ntlm",
new NTLMSchemeFactory()); 
> Using wireshark I can see that NTLM auth is not even attempted using 4.1.2.    Rolling
back to 4.0.3 immediately resolved this problem.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message