Hi,
I've played a bit with NTLM since I wanted to find a server-side
solution to accept NTLM authenticated users. BTW: The key is SSPI
on Windows systems.
In the current NTLM implementation, in IcsNtlmMsgs.NtlmGetMessage2
there's something I do not understand, which has to do with the
Domain-discussion in a previous thread.
As I understand it now, the server replies to the Type1 msg with
a Type2 msg which includes the domain and host name (depending
on the flags either as Unicode or OEM).
However, in the HTTPCli-NTLM implementation the Type1 msg is always
sent with an empty DomainName as well as an empty HostName. Later field
Host is populated in Type3 msg with LocalhostName, why??
I wonder why we do not pass the Domain in Type1 msg and in function
THttpCli.GetNTLMMessage3 we just pass the fields returned from the
server like that:
    Result := NtlmGetMessage3(FNTLMMsg2Info.Domain, //'',
                              FNTLMMsg2Info.Server, // Hostname,
                              { FNTLMUsercode, FNTLMPassword, }
                              FCurrUsername, FCurrPassword,
                              FNTLMMsg2Info.Challenge);
Also the flags are not checked in NtlmGetMessage2, but Type3 msg
is always sent Unicode, what happens if the server doesn't support
it (it mostly will support it, but who knows?).
Arno Garrels
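
The Type 2 flag check raised in the message above, as an added example that is not part of the original post or of the ICS code: a Python parser that reads the flags of a Type 2 message and picks the string encoding a Type 3 reply should use. The flag values and field offsets follow the NTLM specification; `OEM_CODEC`, `Type2Info`, `string_codec`, `parse_type2` and `build_sample_type2` are hypothetical names, and the sample message is constructed.

```python
import struct
from dataclasses import dataclass

NTLMSSP_NEGOTIATE_UNICODE = 0x00000001  # flag values from the NTLM specification
NTLMSSP_NEGOTIATE_OEM = 0x00000002
OEM_CODEC = "cp437"  # assumption: the real OEM code page depends on the system

@dataclass
class Type2Info:
    flags: int
    challenge: bytes
    target: str
    encoding: str  # codec the Type 3 strings should use

def string_codec(flags: int) -> str:
    """Pick the string encoding the server negotiated in its Type 2 flags."""
    if flags & NTLMSSP_NEGOTIATE_UNICODE:  # Unicode wins when both bits are set
        return "utf-16-le"
    if flags & NTLMSSP_NEGOTIATE_OEM:
        return OEM_CODEC
    raise ValueError("Type 2 message negotiates neither Unicode nor OEM strings")

def parse_type2(msg: bytes) -> Type2Info:
    """Parse the fixed part of a decoded (not base64) NTLM Type 2 message."""
    if len(msg) < 32:
        raise ValueError("Type 2 message too short")
    sig, mtype = struct.unpack_from("<8sI", msg, 0)
    if sig != b"NTLMSSP\x00" or mtype != 2:
        raise ValueError("not an NTLM Type 2 message")
    tlen, _tmax, toff = struct.unpack_from("<HHI", msg, 12)  # target name buffer
    flags, = struct.unpack_from("<I", msg, 20)
    challenge = msg[24:32]
    if toff + tlen > len(msg):  # security buffer must lie inside the message
        raise ValueError("target name buffer points outside the message")
    codec = string_codec(flags)
    return Type2Info(flags, challenge, msg[toff:toff + tlen].decode(codec), codec)

def build_sample_type2(target: str, flags: int) -> bytes:
    """Constructed sample message for the demo, not captured traffic."""
    raw = target.encode(string_codec(flags))
    header = struct.pack("<8sIHHII8s8x", b"NTLMSSP\x00", 2, len(raw), len(raw),
                         40, flags, b"\x01\x23\x45\x67\x89\xab\xcd\xef")
    return header + raw

if __name__ == "__main__":
    for f in (NTLMSSP_NEGOTIATE_UNICODE, NTLMSSP_NEGOTIATE_OEM):
        info = parse_type2(build_sample_type2("DOMAIN", f))
        print(info.target, info.encoding, info.challenge.hex())
```

A client that encodes its Type 3 strings with `Type2Info.encoding` instead of always using Unicode stays consistent with what the server negotiated.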