tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Endre Stølsvik <>
Subject NTLM / Connection: Keep-Alive / HTTP 1.0
Date Thu, 02 Jan 2003 13:29:15 GMT
We're having a problem surrounding Tomcat when using NTLM authentication
(Windows NT/2000 "single sign-on" through IE), when Internet Explorer
decides that it should use HTTP 1.0.

The problem is that NTLM _must_ go three times "back-and-forth" on the
same connection. It is a connection-level authentication mechanism, rather
than a session-oriented mechanism, probably violating a dozen RFCs.
However, this requires that the server does "Keep-Alive" connections.

The whole system works like a charm with HTTP 1.1, where Tomcat is eager
to do keep-alive. But, if the browser is set up to do HTTP 1.0 only (as
you can with IE, also through the policy system for windows, as a company
here have done!), then Tomcat refuses to do keep-alive. A RFC out there
(http:1.0 2068) states that if the client adds the string "Connection:
Keep-Alive", then the server should still do keep-alive, even on 1.0. This
is not the fact with Tomcat (4.1.12); it always and still closes the
connection if the client requests HTTP 1.0 _with_ "Connection:
Keep-alive" (as verified using telnet).

We've banged our heads against this for some time now, and would like to
know if anyone have any ideas for solutions.

One idea that haven't been exhausted yet is whether any of the connectors
available between apache httpd and tomcat will behave differently that
tomcat's native http connector? Is this an probable avenue?

Any help would be greatly apreciated!

PS: Check out the excellent jcifs project for more background on NTLM and

Endre Stølsvik               M[+47 93054050] F[+47 51625182]
Developer @ CoreTrek AS         -
CoreTrek corporate portal / EIP -

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message