[jira] [Commented] (HTTPCLIENT-1266) Flag issues in NTLM implementation prevent authentication on some servers

Tue, 04 Dec 2012 07:27:02 -0800 

    [ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13509792#comment-13509792
 ] 

Karl Wright commented on HTTPCLIENT-1266:
-----------------------------------------

Code is written; writing fairly extensive tests now, and will try in the field 
before I attach a patch.

Several problems discovered - notably (so far):

- ntlmv2 response broken because blob too short by 8 bytes
- handling of "request ntlm2 response" not correct when target and targetinfo 
present (which apparently is the case now in the newest NTLM release by 
microsoft)
- missing "domain present" and "workstation present" flag settings in Type 1 
message

I am also adding calculation of session key; this is done by cURL but is not 
particularly useful for HTTP interactions.  We'll see how that works out in the 
end.

                
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1266
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpAuth
>    Affects Versions: 4.2.2
>            Reporter: Karl Wright
>             Fix For: Future
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers 
> (Windows 2008 Server R2) which seem to be configured in a way that the 
> connector cannot authenticate with them using httpcomponents NTLM.  It's 
> worth noting that cURL succeeds, so the NTLM setup is apparently reasonable.  
> Furthermore, the mcf patched version of commons-httpclient also fails in 
> exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends 
> are, in some cases, inconsistent with the data we include.  I am working on a 
> httpclient patch, which I hope to be able to exercise in one of the client 
> situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to