hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1266) Flag issues in NTLM implementation prevent authentication on some servers
Date Tue, 04 Dec 2012 15:26:58 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13509792#comment-13509792
] 

Karl Wright commented on HTTPCLIENT-1266:
-----------------------------------------

Code is written; writing fairly extensive tests now, and will try in the field before I attach
a patch.

Several problems discovered - notably (so far):

- ntlmv2 response broken because blob too short by 8 bytes
- handling of "request ntlm2 response" not correct when target and targetinfo present (which
apparently is the case now in the newest NTLM release by microsoft)
- missing "domain present" and "workstation present" flag settings in Type 1 message

I am also adding calculation of session key; this is done by cURL but is not particularly
useful for HTTP interactions.  We'll see how that works out in the end.

                
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1266
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 4.2.2
>            Reporter: Karl Wright
>             Fix For: Future
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows
2008 Server R2) which seem to be configured in a way that the connector cannot authenticate
with them using httpcomponents NTLM.  It's worth noting that cURL succeeds, so the NTLM setup
is apparently reasonable.  Furthermore, the mcf patched version of commons-httpclient also
fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in
some cases, inconsistent with the data we include.  I am working on a httpclient patch, which
I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message