DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=38072>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38072 Summary: Http Client: NTLM Authorization does not work with servers that require NTLM response in the authorization Product: HttpClient Version: 3.0 RC4 Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: HttpAuth AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] I've tried to get http client to use NTLM authentication or Proxy Authentication with NTLM (for the proxy, not the server), In both cases I see that in the Authorization/Proxy Authorization header, only the LAN Manager response is sent and not the NTLM response (I've seen this in a sniffer and in the code itself, see below). This will not work with servers that their security settings does not allow this, Some require NTLM and do not allow to receive only LM. (NTLM is more secure). I've looked at the NTLM.java class (In org.apache.commons.httpclient), and looks like it really does not send the NTLM response on purpose (It sets its length to zero). To check the security settings in windows go to: Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> Security Options -> LAN Manager authentication Level Note that Domain settings override local settings Is there a way to make it work? (Assuming I can't force the server to accept LAN Manager response only), And if not, is it planned to be supported in the http client? Thanks, Tali. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
