[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NTLM authentication



I don't believe so....nor do I even understand why it'd be needed....

Looking at NTLM authentication from a browser's perspective, NTLM is
useful to allow the browser to automatically pass along the the signed
in user's credentials.  But it's not required, you can manually enter
your user ID and password for the web site.  The fact that it's
authenticated back to a Windows Active Directory doesn't matter to the
browser.

I'd expect the same to apply to HTTPAPI, as long as you pass a valid
user name and password to the web server, it should work.  Unless
there's some way to configure the web server to only support IE...

If you can access a web site with Firefox (assuming you're using the
default of no NTLM integration) or Chrome (which doesn't have NTLM
integration AFAIK) then you should be able to access the site with
HTTPAPI.

I suppose, if instead of using a generic user ID and password, you
wanted to invoke the web call under the running user's credentials,
you'd need something more;  But I don't see NTLM being possible
without underlying support from the OS.  Which probably isn't going to
happen.  An alternative might be RFC 4178  defines a Simple and
Protected Generic Security Service Application Program Interface
Negotiation Mechanism (SPNEGO).

Other thoughts...
http://workshop.openafs.org/afsbpw06/talks/wes-kerberos-on-web.pdf

HTH,
Charles

On Mon, Mar 14, 2011 at 6:30 AM, David Walker <david.2.walker@xxxxxxx> wrote:
>
>     * From: "Donald Leong" <[1]DLeong@xxxxxxxxxxxxxxxxxx>
>     * To: "HTTPAPI and FTPAPI Projects"
>       <[2]ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
>     * Subject: RE: www-Authenticate?
>     * Date: Fri, 15 Aug 2008 08:39:14 -0700
>     *
>
>   ·         HTTPAPI only supports the two authentication schemes defined
>   in RFC
>
>   ·         2617, which are called "Basic" and "Digest" authentication.
>
>   ·
>
>   ·         NTLM stands for NT LAN Manager.  (NT = Windows NT.  LAN
>   Manager is an
>
>   ·         old name for "Windows Networking").   It's a proprietary
>   authentication
>
>   ·         mechanism from Microsoft for Windows Networking.  There are
>   a few weird
>
>   ·         situations where it has been used in web applications as
>   well, but this
>
>   ·         is rather unusual.  Unfortunately, you appear to be in one
>   of those
>
>   ·         situations!
>
>   ·
>
>   ·         Anyway, HTTPAPI doesn't support it at this point, and I
>   personally have
>
>   ·         no plans to add it.  You may be able to add it yourself --
>   if you do,
>
>   ·         we'd welcome you to contribute your code back to the
>   project.
>
>   ·
>
>
>   With reference to above, my question is whether the NTLM
>   authentication remains unsupported by HTTPAPI as of 14/03/2011
>
>
>   Regards
>
>
>   David Walker
>
>   GSK Brentford
>     _________________________________________________________________
>
>   This e-mail was sent by GlaxoSmithKline Services Unlimited
>   (registered in England and Wales No. 1047315), which is a
>   member of the GlaxoSmithKline group of companies. The
>   registered address of GlaxoSmithKline Services Unlimited
>   is 980 Great West Road, Brentford, Middlesex TW8 9GS.
>
> References
>
>   1. mailto:DLeong@xxxxxxxxxxxxx
>   2. mailto:ftpapi@xxxxxxxxxxxxx
>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------
>
>
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------