On Thu, 2008-02-28 at 13:37 -0600, Cathy L Kegley wrote: > I would be willing to take on the implementation. It is function we > need to support for some of our customers and I am currently > investigating the best way to provide it. I think that if it can be > included in the Apache HttpClient, that would be the best way. >
Great!!! > Can you contact the necessary people on the Apache side to ensure that > any implementation I provide, based solely on these specs, could be > contributed to the HttpClient? > Sure. Roland, Erik, I gather you both are subscribed to the [EMAIL PROTECTED] list already? Would it be a big deal for you post a question to our legal team whether the two specs mentioned previously would be enough to accept a clean room implementation of the NTLM authentication scheme based on those specs? Oleg > Thanks. > > Cathy Kegley > > > Lotus Expeditor Runtime Development > 512.838.1229 (T/L: 678.1229) > [EMAIL PROTECTED] > > Inactive hide details for Oleg Kalnichevski ---02/28/2008 01:32:01 > PM---On Thu, 2008-02-28 at 09:03 -0600, Cathy L Kegley wroteOleg > Kalnichevski ---02/28/2008 01:32:01 PM---On Thu, 2008-02-28 at 09:03 > -0600, Cathy L Kegley wrote: > > > From: > > Oleg Kalnichevski > <[EMAIL PROTECTED]> > > To: > > HttpComponents Project > <[email protected]> > > Cc: > > Cathy L Kegley/Austin/[EMAIL PROTECTED] > > Date: > > 02/28/2008 01:32 PM > > Subject: > > Re: NTLMv2 in Apache HttpClient > > > ______________________________________________________________________ > > > > > On Thu, 2008-02-28 at 09:03 -0600, Cathy L Kegley wrote: > > Hi Oleg, > > > > Microsoft recently released a bunch of open protocol specification > on > > MSDN. NTLM is included in that. These are the specs I have been > > looking at: > > > > > http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-NLMP%5D.pdf > > > http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-NTHT%5D.pdf > > > > Does this ease any of the legal implications for Apache? > > > > Yes, this does sound very encouraging, but someone from the legal team > would still have to look at the documents and give us a formal okay. > And > we would still need to find a volunteer prepared to take on a "clean > room" implementation of the spec. > > Oleg > > > > > > Cathy Kegley > > > > > > Lotus Expeditor Runtime Development > > 512.838.1229 (T/L: 678.1229) > > [EMAIL PROTECTED] > > > > Inactive hide details for Oleg Kalnichevski ---02/28/2008 04:40:55 > > AM---On Wed, 2008-02-27 at 15:18 -0800, [EMAIL PROTECTED] wOleg > > Kalnichevski ---02/28/2008 04:40:55 AM---On Wed, 2008-02-27 at 15:18 > > -0800, [EMAIL PROTECTED] wrote: > > > > > > From: > > > > Oleg Kalnichevski > > <[EMAIL PROTECTED]> > > > > To: > > > > Cathy L Kegley/Austin/[EMAIL PROTECTED] > > > > Cc: > > > > HttpComponents Project > > <[email protected]> > > > > Date: > > > > 02/28/2008 04:40 AM > > > > Subject: > > > > Re: NTLMv2 in Apache HttpClient > > > > > > > ______________________________________________________________________ > > > > > > > > > > On Wed, 2008-02-27 at 15:18 -0800, [EMAIL PROTECTED] wrote: > > > Hi Oleg, > > > > > > > Hi Cathy > > > > > I am investigating what it would take to add NTLMv2 support to the > > Apache HttpClient as well as integrated Windows authentication for > > both NTLMv1 and v2. I have seen your name on numerous messages in > the > > forum regarding NTLM, so thought I write you. Is this support > > something you would be interested to see contributed back to the > > HttpClient? What are the restrictions on this? > > > > > > > Absolutely. We would love to see a better support for NTLMv2 in > > HttpClient. However, we cannot accept any code unless we are > > absolutely > > sure (1) it can be licensed or re-licensed under ASLv2 and (2) it > does > > not infringe on any Microsoft patents. The latter condition pretty > > much > > implies some company with close ties to Microsoft and lots of legal > > muscles going into the trouble of taking this issue up directly with > > Microsoft. > > > > Exactly for the above stated reasons we would like to use an > external > > library for the NTLM support to be free of having to deal with all > > these > > legal troubles. > > > > > I saw on the NTLM FAQ page that the use of jCIFS is currently > under > > investigation for licensing issues. Has anything more come of that? > > > > > > > No, it has not. No one volunteered so far to do all the leg work. > > > > > > Are there any plans to add support for NTLMv2 or the integrated > > Windows authentication in the near future? > > > > > > > Currently not a single active committer on the project expressed any > > interest in working on it in the foreseeable future. So, essentially > > we > > are waiting for some external contributor to turn up with a solution > > "scratching his/her own itch", so to speak. > > > > Oleg > > > > PS: I am sending a copy of this message to the HttpComponents dev > list > > to keep the rest of the team in the loop. It would be really great > if > > you subscribed to the list, should you be interested in discussing > the > > subject further. > > > > http://hc.apache.org/mail-lists.html > > > > > Thanks. > > > Cathy Kegley > > > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
