Return-Path: 
 <httpclient-users-return-9258-apmail-hc-httpclient-users-archive=hc.apache.org@hc.apache.org>
X-Original-To: apmail-hc-httpclient-users-archive@www.apache.org
Delivered-To: apmail-hc-httpclient-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 04A362B3F
	for <apmail-hc-httpclient-users-archive@www.apache.org>;
 Thu, 21 Apr 2011 21:14:35 +0000 (UTC)
Received: (qmail 24493 invoked by uid 500); 21 Apr 2011 21:14:34 -0000
Delivered-To: apmail-hc-httpclient-users-archive@hc.apache.org
Received: (qmail 24467 invoked by uid 500); 21 Apr 2011 21:14:34 -0000
Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:httpclient-users-help@hc.apache.org>
List-Unsubscribe: <mailto:httpclient-users-unsubscribe@hc.apache.org>
List-Post: <mailto:httpclient-users@hc.apache.org>
List-Id: <httpclient-users.hc.apache.org>
Reply-To: "HttpClient User Discussion" <httpclient-users@hc.apache.org>
Delivered-To: mailing list httpclient-users@hc.apache.org
Received: (qmail 24459 invoked by uid 99); 21 Apr 2011 21:14:34 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Apr 2011 21:14:34 +0000
X-ASF-Spam-Status: No, hits=0.0 required=5.0
	tests=FREEMAIL_FROM,MIME_QP_LONG_LINE,RCVD_IN_DNSWL_NONE,RFC_ABUSE_POST,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of mboorshtein@gmail.com
 designates 209.85.220.179 as permitted sender)
Received: from [209.85.220.179] (HELO mail-vx0-f179.google.com)
 (209.85.220.179)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Apr 2011 21:14:28 +0000
Received: by vxi40 with SMTP id 40so97121vxi.10
        for <httpclient-users@hc.apache.org>;
 Thu, 21 Apr 2011 14:14:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:subject:references:from:content-type:x-mailer
         :in-reply-to:message-id:date:to:content-transfer-encoding
         :mime-version;
        bh=yFRl1EUzmZ1ReBRq0dfi4g1T/mBEggH29+tLeiGcM4M=;
        b=S6mpweGmgPWMqnWD4qjAUvTD8R2SUtqYFAmq0DGI3o6JjWMk+xyNDtJXgaSULFdMJB
         RJd2YHDVWt/qTzsGFwWDwCA4w0r2xn0aQnc0zyZO16WOZX6D8P/cOFWlg+KgtIl1hTGT
         dEZZmDPsAjtVI4DKpVoofNsPsVZshSzDblZxM=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=subject:references:from:content-type:x-mailer:in-reply-to
         :message-id:date:to:content-transfer-encoding:mime-version;
        b=JwuAqxC1nr12HYdEbk+8Rwe8iX80eWabtlgP1U/7yB/qnDs+RPKZdsBF7slf4hSa8A
         x9kek3ZBJNqaOUJZ2tk2BGy3U4j25RI9VmKgC7froGq/apdDoQDNPKJ9fWCK2bOhFuHq
         /m4oMkHkxzISAz1rKch3okGFiY0ZZP4e8j0ec=
Received: by 10.52.184.202 with SMTP id ew10mr616551vdc.188.1303420447421;
        Thu, 21 Apr 2011 14:14:07 -0700 (PDT)
Received: from [192.168.1.2] (pool-108-28-62-40.washdc.fios.verizon.net
 [108.28.62.40])
        by mx.google.com with ESMTPS id e20sm1125447vbz.8.2011.04.21.14.14.05
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 21 Apr 2011 14:14:06 -0700 (PDT)
Subject: Re: Full NTLMv2 Support Achieved Easily (Was: NTLM authentication
 with a UPN instead of domain and user name)
References: <7111417456398E46A9B10BF94FA04BE40A65A0@fccorpmail03.mygazoo.com>
 <1299866824.27644.18.camel@ubuntu>
 <7111417456398E46A9B10BF94FA04BE40ACD5A@fccorpmail03.mygazoo.com>
 <1303413808.11128.4.camel@ubuntu>
 <7111417456398E46A9B10BF94FA04BE40ACE3C@fccorpmail03.mygazoo.com>
From: Marc Boorshtein <mboorshtein@gmail.com>
Content-Type: text/plain;
	charset=us-ascii
X-Mailer: iPad Mail (8C148)
In-Reply-To: <7111417456398E46A9B10BF94FA04BE40ACE3C@fccorpmail03.mygazoo.com>
Message-Id: <CC70F95D-C5F6-497B-AABA-BCD843F4ACA0@gmail.com>
Date: Thu, 21 Apr 2011 17:14:02 -0400
To: HttpClient User Discussion <httpclient-users@hc.apache.org>
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (iPad Mail 8C148)

I find this discussion fascinating. One question, are you saying the Ntlmsch=
emefactory doesn't work?  I use it as part of my unit tests against adfs 2 r=
unning on w2k8r2 64bit and it works perfectly.=20

Thanks
Marc

Sent from my iPad

On Apr 21, 2011, at 5:07 PM, Ron Jacobs <Ron.Jacobs@Reardencommerce.com> wro=
te:

> I must say that I hadn't wanted to say anything negative about that code
> in my original post(s), but now that you've asked:
>=20
> The code now in your 4.1 distribution appears to be minimally (if at
> all) unchanged from some code that I came across during a Google search
> for better supporting NTLM within HttpClient way before I ever upgraded
> to 4.x. I looked at that code in depth sometime last year and concluded
> that there were just too many problems with it.
>=20
> Without going into technical details, which I have certainly mostly
> forgotten by now anyway, that code seemed to have been written by
> reverse engineering and guessing about NTLM some time before Microsoft
> (finally) publicly released the NTLM specification. It may have worked
> at one time for some specific combination of Windows parameters and
> options but it was too far away from working for the general cases that
> I needed. You see, unlike many NTLM client-side users that are just
> trying to authenticate against a specific Windows server, I need to work
> with just about any combo of Windows OS versions, service packs,
> registry settings, installed apps, etc.
>=20
> So I abandoned that effort and when I recognized the same code inside
> HttpClient, I was not hopeful. It was as I was looking for alternatives
> that I asked the questions that you answered for me last month leading
> me straight to this approach that is working great for us today.
>=20
> Seems to me that there is still no "open source" solution that is ready
> to drop into the HttpClient distribution. I believe that the correct
> approach is indeed JCIFS and that your restoring and updating the web
> page is the best solution. If I were "forced" to write some NTLM code
> without licensing issues for HttpClient it would end up looking much
> too uncomfortably close to JCIFS.
>=20
> I truly hope that I have offended no one.
>=20
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org]=20
> Sent: Thursday, April 21, 2011 12:23 PM
> To: HttpClient User Discussion
> Subject: Re: Full NTLMv2 Support Achieved Easily (Was: NTLM authentication=
 with a UPN instead of domain and user name)
>=20
> ...
>=20
> PS: Would you be by any change willing to take a look at the default
> NTLM engine distributed with HttpClient and see what may be wrong there?
> It'd be a great contribution to all users of HttpClient.
>=20

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org