hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1139) NTLM Authentication No Longer Working In Latest Release
Date Mon, 24 Oct 2011 19:44:33 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1139?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13134409#comment-13134409

Oleg Kalnichevski commented on HTTPCLIENT-1139:

As I suspected 

DEBUG[pool-1-thread-1] (AbstractAuthenticationHandler.java:151) - Authentication schemes in
the order of preference: [negotiate, NTLM, Digest, Basic]
DEBUG[pool-1-thread-1] (AbstractAuthenticationHandler.java:161) - negotiate authentication
scheme selected
DEBUG[pool-1-thread-1] (NegotiateScheme.java:316) - Received challenge '' from the auth server
DEBUG[pool-1-thread-1] (DefaultRequestDirector.java:1196) - Authorization challenge processed
DEBUG[pool-1-thread-1] (DefaultRequestDirector.java:1224) - Authentication scope: NEGOTIATE
<any realm>@
DEBUG[pool-1-thread-1] (DefaultRequestDirector.java:1231) - Found credentials
DEBUG[pool-1-thread-1] (NegotiateScheme.java:179) - init
ERROR[pool-1-thread-1] (RequestTargetAuthentication.java:113) - Authentication error: Invalid
name provided (Mechanism level: Could not load configuration file C:\Windows\krb5.ini (The
system cannot find the file specified))

HttpClient 4.1.2 picks the SPNEGO/Kerberos auth scheme over NTLM, which apparently has not
been properly set up. You basically have three options here
(1) Setup SPNEGO/Kerberos
(2) Unregister the Negotiate scheme altogether
(3) Modify auth scheme order of preference to make HttpClient pick NTLM over SPNEGO/Kerberos.



> NTLM Authentication No Longer Working In Latest Release
> -------------------------------------------------------
>                 Key: HTTPCLIENT-1139
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1139
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.1.2
>         Environment: testing on Windows x64, using SharePoint 2010 as a test server that
accepts NTLM auth
>            Reporter: Jeff Nadler
>             Fix For: 4.2 Alpha1
>         Attachments: HttpClient4.0.3-NTLMWire, HttpClient4.1.2-NTLMWire
> Our application has been working fine using NTLM auth with HttpClient for 3 years.  
We were most recently on 4.0.3.    Upon upgrading to 4.1.2, NTLM stopped working.
> I tried both the new for 4.1 built-in NTLM and the "old way" of using JCIFS: client.getAuthSchemes().register("ntlm",
new NTLMSchemeFactory()); 
> Using wireshark I can see that NTLM auth is not even attempted using 4.1.2.    Rolling
back to 4.0.3 immediately resolved this problem.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message