yoga p wrote:
Hi Oleg,
Thanks for you suggestion.
So it seems that httpclient-3.0-rc2 does not support NTLM v1 completely. To
make it work, 'Network security: Do not store LAN Manager Hash value on next
password change.' setting needs to be disabled which indicates that
httpclient-3.0-rc2 works fine with earlier version of NTLM v1 which I assume
is LAN Manager (LM). *Is this correct?*
How I am supposed to know? NTLM is a proprietary authentication scheme,
which until recently did not have any publicly available documentation
at all. If you are a Microsoft paying customer consider contacting
Microsoft official support channels.
Also, I looked at the guide (url you sent me) and found out that
httpclient-4.0 does not support NTLM out of the box due to legal (licensing)
issues. But if required, end user can use some 3rd party NTLM implementation
and use it in httpclient-4.0.
Please advise.
Generally my advice is to NOT use NTLM. You'll be much better off in
terms of security with SSL + Basic authentication.
Oleg
Thanks again for your help.
Mr. Yoga
On Wed, May 6, 2009 at 10:12 AM, Oleg Kalnichevski <[email protected]> wrote:
On Wed, May 06, 2009 at 09:36:30AM -0700, yoga p wrote:
Hi,
We are using HttpClient (commons-httpclient-3.0-rc2.jar) for NTLM
Authentication and currently facing issues when the following security
settings in Windows Server 2003 or (win xp) is enabled:
Control Panel -> Administrative Tools -> Domain Security Policy -> Local
Policies -> Security Options -> Network security: Do not store LAN
Manager
Hash value on next password change.
Click Enabled and then click OK.
After setting this property, NTLM authentication fails with following
error:
HTTP Error 401.1 - Unauthorized: Access is denied due to invalid
credentials.
Has anyone faced similar issue? If so, is there any possible work around
other than disabling above setting?
Also, does it mean that httpclient not supporting NTLM v1?
In the authentication guide of httpclient (
http://hc.apache.org/httpclient-3.x/authentication.html), under known
limitations and problems, it is mentioned that "HttpClient provides
limited
support for what is known as NTLMv1, the early version of the NTLM
protocol." Does anybody know what is the early version of the NTLM
protocol?
Thanks in advance.
Mr. Yoga
Your only option is upgrading to HttpClient 4.0 and following this guide:
http://hc.apache.org/httpcomponents-client/ntlm.html
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
