[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NTLM Authentication Project

From: Thomas Raddatz <thomas.raddatz@xxxxxxxxxxx>
To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: NTLM Authentication Project
Date: Sun, 22 Apr 2012 16:34:34 +0200

Loek,

Thank you so much for this specific link. It exactly describes what I 
mentioned in my first posting about the "keep-alive" header:

"As mentioned above, this scheme authenticates connections, not requests ..."

Now that we know that the connection must be kept alive between the type-2 
and type-3 messages, the next question is: How can we improve HTTP API to 
support persistent connections.

Regards,

Thomas.

Am 22.04.2012 15:55, schrieb Loek Maartens:
> Hi Thomas,
>
> Also an additional resource is:
>
> http://www.innovation.ch/personal/ronald/ntlm.html
>
> Kind regards,
>
> Loek Maartens.
>
>
> ----- Original Message -----
> From: "Thomas Raddatz"<thomas.raddatz@xxxxxxxxxxx>
> To: "HTTPAPI and FTPAPI Projects"<ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
> Sent: Sunday, April 22, 2012 3:38 PM
> Subject: Re: NTLM Authentication Project
>
>
>> Loek,
>>
>> Thank you for your response. Do you mean this document:
>>
>>     http://www.devshed.com/c/a/Administration/Authentication-in-Samba/1/
>>
>> The documentation that I used so far is:
>>
>>     http://davenport.sourceforge.net/ntlm.html#type3MessageExample
>>     http://jcifs.samba.org/ (Java source code)
>>     http://msdn.microsoft.com/en-us/library/cc236621%28v=prot.13%29.aspx
>>
>> http://mxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNTLMAuthModule.cpp
>> (c++ Firefox source code)
>>
>> My current service program follows the "jcifs.samba.org" implementation.
>>
>> Actually everything seems to be simple. I do not know what I am doing
>> wrong. It must be something obvious.
>>
>> Thomas.
>>
>> Am 22.04.2012 15:12, schrieb Loek Maartens:
>>> Hi Thomas,
>>>
>>> I do not have any experience with the MS NTLM api, but just found a PDF
>>> document from MS detailing the HTTP use of NTLM;
>>>
>>> I just googled with {NTLMv1, the actual protocol details} and found a
>>> very
>>> details API specification as the second document presented.
>>>
>>> Hope to help,
>>>
>>> Loek Maartens.
>>>
>>> ----- Original Message -----
>>> From: "Thomas Raddatz"<thomas.raddatz@xxxxxxxxxxx>
>>> To: "HTTPAPI and FTPAPI Projects"<ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
>>> Sent: Sunday, April 22, 2012 2:22 PM
>>> Subject: NTLM Authentication Project
>>>
>>>
>>>> Hi,
>>>>
>>>> Is there somebody who has experiences in using the NTLM authentication
>>>> mechanism? I am trying to add NTLM authentication to HTTP API with less
>>>> success so far.
>>>>
>>>> Although all my RPGUnit test cases show "green" for all the various
>>>> procedures for calculating this and that, I cannot successfully connect
>>>> to
>>>> the IIS server on my local desktop PC. I always get a 401 "Access
>>>> Denied"
>>>> error message.
>>>>
>>>> I must be doing something wrong. Most likely it is something obviously
>>>> that
>>>> I do not see. One thing I have in mind is the "keep-alive" header. When
>>>> I
>>>> connect from my PC to the IIS on a virtual machine, I can see that both
>>>> (client and server) set the "keep-alive" header and that the
>>>> NTLMSSP_NEGOTIATE and NTLMSSP_AUTH messages are send through the same
>>>> port.
>>>> As far as I understand HTTP API, HTTP API does not support the
>>>> "keep-alive"
>>>> header and hence my RPG program uses different ports to send these
>>>> messages.
>>>>
>>>> I gladly provide more details or my test library to everyone how want to
>>>> join me.
>>>>
>>>> Regards,
>>>>
>>>> Thomas.
>>>> -----------------------------------------------------------------------
>>>> This is the FTPAPI mailing list.  To unsubscribe, please go to:
>>>> http://www.scottklement.com/mailman/listinfo/ftpapi
>>>> -----------------------------------------------------------------------
>>>
>>> -----------------------------------------------------------------------
>>> This is the FTPAPI mailing list.  To unsubscribe, please go to:
>>> http://www.scottklement.com/mailman/listinfo/ftpapi
>>> -----------------------------------------------------------------------
>>>
>> -----------------------------------------------------------------------
>> This is the FTPAPI mailing list.  To unsubscribe, please go to:
>> http://www.scottklement.com/mailman/listinfo/ftpapi
>> -----------------------------------------------------------------------
>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------
>
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

Follow-Ups:
- Re: NTLM Authentication Project
  - From: Loek Maartens

References:
- NTLM Authentication Project
  - From: Thomas Raddatz
- Re: NTLM Authentication Project
  - From: Loek Maartens
- Re: NTLM Authentication Project
  - From: Thomas Raddatz
- Re: NTLM Authentication Project
  - From: Loek Maartens

Prev by Date: SV: NTLM Authentication Project
Next by Date: Re: NTLM Authentication Project
Previous by thread: Re: NTLM Authentication Project
Next by thread: Re: NTLM Authentication Project
Index(es):
- Date
- Thread