hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Boorshtein <mboorsht...@gmail.com>
Subject Re: Full NTLMv2 Support Achieved Easily (Was: NTLM authentication with a UPN instead of domain and user name)
Date Thu, 21 Apr 2011 21:14:02 GMT
I find this discussion fascinating. One question, are you saying the Ntlmschemefactory doesn't
work?  I use it as part of my unit tests against adfs 2 running on w2k8r2 64bit and it works
perfectly. 

Thanks
Marc

Sent from my iPad

On Apr 21, 2011, at 5:07 PM, Ron Jacobs <Ron.Jacobs@Reardencommerce.com> wrote:

> I must say that I hadn't wanted to say anything negative about that code
> in my original post(s), but now that you've asked:
> 
> The code now in your 4.1 distribution appears to be minimally (if at
> all) unchanged from some code that I came across during a Google search
> for better supporting NTLM within HttpClient way before I ever upgraded
> to 4.x. I looked at that code in depth sometime last year and concluded
> that there were just too many problems with it.
> 
> Without going into technical details, which I have certainly mostly
> forgotten by now anyway, that code seemed to have been written by
> reverse engineering and guessing about NTLM some time before Microsoft
> (finally) publicly released the NTLM specification. It may have worked
> at one time for some specific combination of Windows parameters and
> options but it was too far away from working for the general cases that
> I needed. You see, unlike many NTLM client-side users that are just
> trying to authenticate against a specific Windows server, I need to work
> with just about any combo of Windows OS versions, service packs,
> registry settings, installed apps, etc.
> 
> So I abandoned that effort and when I recognized the same code inside
> HttpClient, I was not hopeful. It was as I was looking for alternatives
> that I asked the questions that you answered for me last month leading
> me straight to this approach that is working great for us today.
> 
> Seems to me that there is still no "open source" solution that is ready
> to drop into the HttpClient distribution. I believe that the correct
> approach is indeed JCIFS and that your restoring and updating the web
> page is the best solution. If I were "forced" to write some NTLM code
> without licensing issues for HttpClient it would end up looking much
> too uncomfortably close to JCIFS.
> 
> I truly hope that I have offended no one.
> 
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org] 
> Sent: Thursday, April 21, 2011 12:23 PM
> To: HttpClient User Discussion
> Subject: Re: Full NTLMv2 Support Achieved Easily (Was: NTLM authentication with a UPN
instead of domain and user name)
> 
> ...
> 
> PS: Would you be by any change willing to take a look at the default
> NTLM engine distributed with HttpClient and see what may be wrong there?
> It'd be a great contribution to all users of HttpClient.
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message