hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1488) Built-in NTLM engine fails to authenticate against Squids ntlm_fake_auth, JCIFS doesn't
Date Fri, 21 Mar 2014 11:06:43 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13942964#comment-13942964

Karl Wright commented on HTTPCLIENT-1488:

Hi Andreas,

Can you provide a stack trace of the actual error you are seeing?

In general though, it's difficult enough to make sure an NTLM engine authenticates properly
against all the varieties and configurations of Windows, let alone some third party's attempt
to emulate Windows.  The JCIFS implementation is notable because it does the minimum possible
to perform the authentication; it's not surprising at all that the current HttpClient implementation
would be more careful and more restrictive.

If you can show that all versions of Windows successfully authenticate against Squid's fake
ntlm implementation, then I think you have a case; until then, you might be better served
opening a ticket against Squid. ;-)

> Built-in NTLM engine fails to authenticate against Squids ntlm_fake_auth, JCIFS doesn't
> ---------------------------------------------------------------------------------------
>                 Key: HTTPCLIENT-1488
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1488
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.3.3
>         Environment: Squid 4.3.3
> JCIFS 1.3.17
>            Reporter: Andreas Sewe
>         Attachments: builtin.pcap.gz, jcfis.pcap.gz
> I used the provided ClientProxyAuthentication example <https://hc.apache.org/httpcomponents-client-4.2.x/httpclient/examples/org/apache/http/examples/client/ClientProxyAuthentication.java>
to authenticate with NTML against a local Squid instance, using its ntlm_fake_auth helper
(only does the handshake, all credentials are considered valid).
> Unfortunately, this fails with the NTLM engine built into version 4.3.3 (also tested
with 4.2.1: same result). Following the guidance of <http://hc.apache.org/httpcomponents-client-ga/ntlm.html>,
I got it working with JCIFS. Is Squid not implementing NTLM as expected by HttpComponents?
> I added two Wireshark captures to show the differences in handshake behaviour between
the built-in and JCIFS engines. Hope that helps.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message