On Mon, 2011-08-29 at 10:24 -0700, LogbackUser wrote: > Thanks Oleg. > > On having a look at httpcommons client 4.1.2 code > (org.apache.http.impl.auth.NTLMEngineImpl.Type3Message class line no 943) I > realized that the last questions would apply here too. Since the code is > computing only the LM response I assume this would mean that LAN Manager > authentication would be used (instead of NTLM v1 or NTLM v2). Do you know of > any scenario where such an NT_AUTH message (Type3) would get rejected with > an authentication error? Note that the LmCompatibilityLevel registry key > value on the domain controller is 1 and that on the server is 2. > > Thank you. >
I am sorry I have no idea about how the NTLM protocol is expected to work. The NTLM engine implementation distributed with HttpClient 4.1.x has been contributed by an external contributor. There is no one on the project who is both able and interested in maintaining it. Anyone willing to work on improving the NTLM code in HttpClient would be most welcome. Oleg > > olegk wrote: > > > > On Wed, 2011-08-24 at 23:03 +0530, amit shah wrote: > >> In the NTLM protocol implementation from httpclient 3.1 > >> (org.apache.commons.httpclient.auth.NTLM) the NTLM Response Fields are > >> always empty (the NtChallengeResponseLen and NtChallengeResponseMaxLen > >> are > >> set to 0 while NtChallengeResponseBufferOffset is set to finalLength). I > >> have a couple of questions on this > >> > >> 1. What is the reason of not computing NTLM Challenge Response? > >> 2. We are facing an issue on one of the windows environments where NTLM > >> authentication fails with an error - username or password is incorrect. > >> When > >> comparing the authentication headers generated from commons httpclient > >> and > >> the NTLM protocol implementation from JDK 1.5.15 (using Wireshark) I > >> found > >> the NTLM response data being empty. Does this mean that commons http > >> client > >> 3.1 only supports LAN Manager authentication and it does NOT support NTLM > >> authentication? If so then a > >> HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel > >> registry key value of 4 or 5 on a windows domain controller machine would > >> mean that commons http client NTLM authentication would not work for a > >> domain account right? > >> > >> Thank you. > > > > Amit, > > > > Support for Httpclient 3.1 has been discontinued. Please consider > > upgrading to HttpClient 4.1.x > > > > Oleg > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
