Maybe this link will help you: http://davenport.sourceforge.net/ntlm.html
Advertising
-- [EMAIL PROTECTED] http://www.overbyte.be ----- Original Message ----- From: "Arno Garrels" <[EMAIL PROTECTED]> To: "ICS support mailing" <twsocket@elists.org> Sent: Sunday, January 22, 2006 7:45 PM Subject: [twsocket] NTLM AUTH > Hi, > > I've played a bit with NTLM since I wanted to find a server-side > solution to accept NTLM authenticated users. BTW: The key is SSPI > on Windows systems. > > In current NTLM implementation, in IcsNtlmMsgs.NtlmGetMessage2 > there's somthing I do not understand, which has to do with the > Domain-discussion in a previous thread. > > As I understand it now, the server replies to the Type1 msg with > a Type2 msg which includes the domain and host name (depending > on the flags either as Unicode or OEM). > However in HTTPCli-NTLM implementation Type1 msg is being sent with an > empty DomainName as well as and empty HostName always. Later field > Host is populated in Type3 msg with LocalhostName, why?? > I wonder why we do not pass the Domain in Type1 msg and in function > THttpCli.GetNTLMMessage3 we just pass the fields returned from the > server like that: > Result := NtlmGetMessage3(FNTLMMsg2Info.Domain, //'', > FNTLMMsg2Info.Server, // Hostname, > { FNTLMUsercode, FNTLMPassword, } > FCurrUsername, FCurrPassword, > FNTLMMsg2Info.Challenge); > > > Also the flags are not checked in NtlmGetMessage2, but Type3 msg > is always sent Unicode, what happens if the server doesn't support > it (it mostly will support it, but who knows?). > > Arno Garrels > > > > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://www.elists.org/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
