hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From LogbackUser <amits...@gmail.com>
Subject Re: Commons HTTP Client 3.1 - NTLM Response Empty
Date Mon, 29 Aug 2011 17:24:17 GMT

Thanks Oleg. 

On having a look at httpcommons client 4.1.2 code
(org.apache.http.impl.auth.NTLMEngineImpl.Type3Message class line no 943) I
realized that the last questions would apply here too. Since the code is
computing only the LM response I assume this would mean that LAN Manager
authentication would be used (instead of NTLM v1 or NTLM v2). Do you know of
any scenario where such an NT_AUTH message (Type3) would get rejected with
an authentication error? Note that the LmCompatibilityLevel registry key
value on the domain controller is 1 and that on the server is 2.

Thank you.


olegk wrote:
> 
> On Wed, 2011-08-24 at 23:03 +0530, amit shah wrote:
>> In the NTLM protocol implementation from httpclient 3.1
>> (org.apache.commons.httpclient.auth.NTLM) the NTLM Response Fields are
>> always empty (the NtChallengeResponseLen and NtChallengeResponseMaxLen
>> are
>> set to 0 while NtChallengeResponseBufferOffset is set to finalLength). I
>> have a couple of questions on this
>> 
>> 1. What is the reason of not computing NTLM Challenge Response?
>> 2. We are facing an issue on one of the windows environments where NTLM
>> authentication fails with an error - username or password is incorrect.
>> When
>> comparing the authentication headers generated from commons httpclient
>> and
>> the NTLM protocol implementation from JDK 1.5.15 (using Wireshark) I
>> found
>> the NTLM response data being empty. Does this mean  that commons http
>> client
>> 3.1 only supports LAN Manager authentication and it does NOT support NTLM
>> authentication? If so then a
>> HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
>> registry key value of 4 or 5 on a windows domain controller machine would
>> mean that commons http client NTLM authentication would not work for a
>> domain account right?
>> 
>> Thank you.
> 
> Amit,
> 
> Support for Httpclient 3.1 has been discontinued. Please consider
> upgrading to HttpClient 4.1.x
> 
> Oleg
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Commons-HTTP-Client-3.1---NTLM-Response-Empty-tp32328334p32358599.html
Sent from the HttpClient-User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message