hc-httpclient-users mailing list archives

From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Httpclient and NTLMv1 protocol support
Date Wed, 06 May 2009 18:36:48 GMT
yoga p wrote:
> Hi Oleg,
> 
> Thanks for your suggestion.
> 
> So it seems that httpclient-3.0-rc2 does not support NTLM v1 completely. To
> make it work, 'Network security: Do not store LAN Manager Hash value on next
> password change.' setting needs to be disabled which indicates that
> httpclient-3.0-rc2 works fine with earlier version of NTLM v1 which I assume
> is LAN Manager (LM). *Is this correct?*
> 

How am I supposed to know? NTLM is a proprietary authentication scheme, 
which until recently did not have any publicly available documentation 
at all. If you are a Microsoft paying customer consider contacting 
Microsoft official support channels.

> Also, I looked at the guide (url you sent me) and found out that
> httpclient-4.0 does not support NTLM out of the box due to legal (licensing)
> issues. But if required, end user can use some 3rd party NTLM implementation
> and use it in httpclient-4.0.
> Please advise.
> 

Generally my advice is to NOT use NTLM. You'll be much better off in 
terms of security with SSL + Basic authentication.

Oleg

> Thanks again for your help.
> 
> Mr. Yoga
> On Wed, May 6, 2009 at 10:12 AM, Oleg Kalnichevski <olegk@apache.org> wrote:
> 
>>  On Wed, May 06, 2009 at 09:36:30AM -0700, yoga p wrote:
>>> Hi,
>>>
>>> We are using HttpClient (commons-httpclient-3.0-rc2.jar) for NTLM
>>> Authentication and currently facing issues when the following security
>>> settings in Windows Server 2003 or (win xp) is enabled:
>>> Control Panel -> Administrative Tools -> Domain Security Policy -> Local
>>> Policies -> Security Options -> Network security: Do not store LAN Manager
>>> Hash value on next password change.
>>> Click Enabled and then click OK.
>>> After setting this property, NTLM authentication fails with following error:
>>> HTTP Error 401.1 - Unauthorized: Access is denied due to invalid
>>> credentials.
>>> Has anyone faced similar issue? If so, is there any possible work around
>>> other than disabling above setting?
>>> Also, does it mean that httpclient not supporting NTLM v1?
>>> In the authentication guide of httpclient (
>>> http://hc.apache.org/httpclient-3.x/authentication.html), under known
>>> limitations and problems, it is mentioned that "HttpClient provides limited
>>> support for what is known as NTLMv1, the early version of the NTLM
>>> protocol." Does anybody know what is the early version of the NTLM protocol?
>>> Thanks in advance.
>>>
>>> Mr. Yoga
>> Your only option is upgrading to HttpClient 4.0 and following this guide:
>>
>> http://hc.apache.org/httpcomponents-client/ntlm.html
>>
>> Oleg
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>
>>
> 

