hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1624) NTLMresp in type3message is being generated wrong when using NEGOTIATE_NTLM2_KEY
Date Fri, 27 Feb 2015 19:31:04 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14340672#comment-14340672

Karl Wright commented on HTTPCLIENT-1624:

Hi Jason,

There are a couple of different modes you can operate your Windows server in.  When you say
you've tested Windows 7 and Windows 8, I am not sure what you mean by that.  Specifically,
what I think you would need to do is to read articles like this one:


... and alter the configuration accordingly, to see how NTLM behaves.  So this is what I recommend:

(1) First, in the absence of any of your custom changes, try modifying a server's configuration
to cover all different variants, e.g. NTLMv1, NTLMv2, and NTLM 2 Session Response.  Use wireshark
to be sure the NTLM exchange is working as expected, and that all three modes are being exercised.
 Record the Type 1 and Type 2 message flags from each configuration for later analysis.

(2) Now, make your custom changes, and repeat the process.  Some of the Type 2 flags will
change, and some of the protocol exchanges will fail to work.  Record the new flags and whether
the authentication succeeded or not.

(3) Attach a matrix to this ticket with the following columns: "Current/modified", "Type 1
flags", "Type 2 flags", "Success/failure" .  From that maybe we can figure out how to change
the logic.


> NTLMresp in type3message is being generated wrong when using NEGOTIATE_NTLM2_KEY
> --------------------------------------------------------------------------------
>                 Key: HTTPCLIENT-1624
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1624
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 4.3.6, 4.4 Final
>         Environment: Running from a linux box, connecting to a windows 7 machine.
>            Reporter: Jason Forand
>            Assignee: Karl Wright
>         Attachments: wireshark_400.pcapng
> When connecting to a windows host using NTLM authentication, if the windows host passes
back the 
> flags, (in this case the offending flag is NEGOTIATE_NTLM2_KEY) the type3 message is
generating an ntresp using 
> http://davenport.sourceforge.net/ntlm.html#theNtlmv2Response when it should be generating
according to http://davenport.sourceforge.net/ntlm.html#theNtlm2SessionResponse 

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message