On Mon, 2007-11-26 at 00:13 +0530, Mubey N. wrote: > I am doing NTLM authentication. There are multiple domains on the same > URL.
My knowledge of Microsoft stuff got somewhat rusty but I believe in Microsoft a host _always_ belongs to just one domain. The domain controller may delegate the authentication process to another trusted domain, but a user is meant to have only one set of credentials _per_ host. So, in Microsoft world authentication realms as defined by the HTTP spec effectively are meaningless. > So, I am setting different credentials for different auth-scopes > using a code as shown below. > > AuthScope scope = new AuthScope(url.getHost(), port, domain); > NTCredentials credentials = new NTCredentials(user, pass, > clientHost, domain); > httpclient.getState().setCredentials(scope, credentials); > An NTLM domain and an authentication realm are completely different things. For NTLM the realm should always be null <any>. > I have repeated this code a few times to set different credentials for > different domains. In NTLM type 2 response from the server, the server > sends the NTLM domain it expects for authentication. > > However, I find that the httpclient pays no heed to the domain name > specified in NTLM type 2 response. It simply goes ahead with > authentication with an arbitrary credentials. Is this an expected > behavior? > Yes, it is. We offer only very limited support for NTLM authentication. > Does setting domain as the third argument of AuthScope(.., .., domain) > constructor has no effect? > Yes. Oleg > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
