hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1662) NTLM auth failed because NTLMEngineImpl strip domain to base domain name
Date Wed, 24 Jun 2015 15:49:04 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1662?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14599611#comment-14599611
] 

Oleg Kalnichevski commented on HTTPCLIENT-1662:
-----------------------------------------------

[~kwright@metacarta.com] et al: We no longer need to maintain backward compatibility in trunk
(5.0 branch). Please feel free to change  NTCredential (or any other class for that matter)
as you deem best. We might (or might not) later back-port the changes to a stable feature
branch.

I am currently re-visiting and rewriting authentication APIs in the trunk. One thing I intend
to do is to make Credentials optional for non RFC 2617 schemes that rely on credentials more
complex than a trivial username / password pair. At this point we are in position to change
about anything in trunk.  

Oleg

> NTLM auth failed because NTLMEngineImpl strip domain to base domain name
> ------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1662
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1662
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 4.5
>         Environment: HttpClient 4.3, 4.5
> A http site with NTLM auth
> A domain which Netbios name is not match domain name(e.g. domain=mydomain.com; netbios
name= testdomain)
>            Reporter: Colin
>            Assignee: Karl Wright
>         Attachments: HTTPCLIENT-1662.patch
>
>
> When generate type 3 message, we change the domain name to base domain name:
> {code}
>             // Use only the base domain name!
>             final String unqualifiedDomain = convertDomain(domain);
> {code}
> {code}
>     /** Strip dot suffix from a name */
>     private static String stripDotSuffix(final String value) {
>         if (value == null) {
>             return null;
>         }
>         final int index = value.indexOf(".");
>         if (index != -1) {
>             return value.substring(0, index);
>         }
>         return value;
>     }
>     /** Convert domain to standard form */
>     private static String convertDomain(final String domain) {
>         return stripDotSuffix(domain);
>     }
> {code}
> I got http 401 in my environment with correct credential and found the root cause is
those code got wrong domain name so the domain controller return a NTLM sub status code 0xC0000064,
which means " The username you typed does not exist!"
> The Netbios name of a domain is the "Pre Windows 2000 name" of the domain.
> Is there any issue to use full domain name?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message