[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NTLM Authentication Project

From: Thomas Raddatz <thomas.raddatz@xxxxxxxxxxx>
To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: NTLM Authentication Project
Date: Sun, 22 Apr 2012 17:40:22 +0200

Loek,

For sure it is not a problem to add the "keep-alive" header to the http 
request chain. The problem I see is that HTTP API calls http_persist_open() 
and http_persist_close() each time it sends a request. This way the 
"keep-alive" header does not have any effect.

Am I missing something or did I do something wrong?

Thomas.

Am 22.04.2012 17:10, schrieb Loek Maartens:
> Hi Thomas,
>
> Scott mentions this in an aside remark in this message:
>
> Re: (GSKit) I/O: A connection with a remote socket was reset by that socket.
> of  wednesday, 1 juni 2005 18:43.
>
> " If you wanted to specify this keyword with HTTPAPI, you could do so by
> registering an "additional header" exit proc, and adding the Connection:
> keep-alive and keep-alive: 300 data to the header. "
>
> Kind regards,
>
> Loek Maartens.
>
>
>
> ----- Original Message -----
> From: "Thomas Raddatz"<thomas.raddatz@xxxxxxxxxxx>
> To: "HTTPAPI and FTPAPI Projects"<ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
> Sent: Sunday, April 22, 2012 4:34 PM
> Subject: Re: NTLM Authentication Project
>
>
>> Loek,
>>
>> Thank you so much for this specific link. It exactly describes what I
>> mentioned in my first posting about the "keep-alive" header:
>>
>> "As mentioned above, this scheme authenticates connections, not requests
>> ..."
>>
>> Now that we know that the connection must be kept alive between the type-2
>> and type-3 messages, the next question is: How can we improve HTTP API to
>> support persistent connections.
>>
>> Regards,
>>
>> Thomas.
>>
>> Am 22.04.2012 15:55, schrieb Loek Maartens:
>>> Hi Thomas,
>>>
>>> Also an additional resource is:
>>>
>>> http://www.innovation.ch/personal/ronald/ntlm.html
>>>
>>> Kind regards,
>>>
>>> Loek Maartens.
>>>
>>>
>>> ----- Original Message -----
>>> From: "Thomas Raddatz"<thomas.raddatz@xxxxxxxxxxx>
>>> To: "HTTPAPI and FTPAPI Projects"<ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
>>> Sent: Sunday, April 22, 2012 3:38 PM
>>> Subject: Re: NTLM Authentication Project
>>>
>>>
>>>> Loek,
>>>>
>>>> Thank you for your response. Do you mean this document:
>>>>
>>>>      http://www.devshed.com/c/a/Administration/Authentication-in-Samba/1/
>>>>
>>>> The documentation that I used so far is:
>>>>
>>>>      http://davenport.sourceforge.net/ntlm.html#type3MessageExample
>>>>      http://jcifs.samba.org/ (Java source code)
>>>>      http://msdn.microsoft.com/en-us/library/cc236621%28v=prot.13%29.aspx
>>>>
>>>> http://mxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNTLMAuthModule.cpp
>>>> (c++ Firefox source code)
>>>>
>>>> My current service program follows the "jcifs.samba.org" implementation.
>>>>
>>>> Actually everything seems to be simple. I do not know what I am doing
>>>> wrong. It must be something obvious.
>>>>
>>>> Thomas.
>>>>
>>>> Am 22.04.2012 15:12, schrieb Loek Maartens:
>>>>> Hi Thomas,
>>>>>
>>>>> I do not have any experience with the MS NTLM api, but just found a PDF
>>>>> document from MS detailing the HTTP use of NTLM;
>>>>>
>>>>> I just googled with {NTLMv1, the actual protocol details} and found a
>>>>> very
>>>>> details API specification as the second document presented.
>>>>>
>>>>> Hope to help,
>>>>>
>>>>> Loek Maartens.
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Thomas Raddatz"<thomas.raddatz@xxxxxxxxxxx>
>>>>> To: "HTTPAPI and FTPAPI Projects"<ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
>>>>> Sent: Sunday, April 22, 2012 2:22 PM
>>>>> Subject: NTLM Authentication Project
>>>>>
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Is there somebody who has experiences in using the NTLM authentication
>>>>>> mechanism? I am trying to add NTLM authentication to HTTP API with
>>>>>> less
>>>>>> success so far.
>>>>>>
>>>>>> Although all my RPGUnit test cases show "green" for all the various
>>>>>> procedures for calculating this and that, I cannot successfully
>>>>>> connect
>>>>>> to
>>>>>> the IIS server on my local desktop PC. I always get a 401 "Access
>>>>>> Denied"
>>>>>> error message.
>>>>>>
>>>>>> I must be doing something wrong. Most likely it is something obviously
>>>>>> that
>>>>>> I do not see. One thing I have in mind is the "keep-alive" header.
>>>>>> When
>>>>>> I
>>>>>> connect from my PC to the IIS on a virtual machine, I can see that
>>>>>> both
>>>>>> (client and server) set the "keep-alive" header and that the
>>>>>> NTLMSSP_NEGOTIATE and NTLMSSP_AUTH messages are send through the same
>>>>>> port.
>>>>>> As far as I understand HTTP API, HTTP API does not support the
>>>>>> "keep-alive"
>>>>>> header and hence my RPG program uses different ports to send these
>>>>>> messages.
>>>>>>
>>>>>> I gladly provide more details or my test library to everyone how want
>>>>>> to
>>>>>> join me.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Thomas.
>>>>>> -----------------------------------------------------------------------
>>>>>> This is the FTPAPI mailing list.  To unsubscribe, please go to:
>>>>>> http://www.scottklement.com/mailman/listinfo/ftpapi
>>>>>> -----------------------------------------------------------------------
>>>>>
>>>>> -----------------------------------------------------------------------
>>>>> This is the FTPAPI mailing list.  To unsubscribe, please go to:
>>>>> http://www.scottklement.com/mailman/listinfo/ftpapi
>>>>> -----------------------------------------------------------------------
>>>>>
>>>> -----------------------------------------------------------------------
>>>> This is the FTPAPI mailing list.  To unsubscribe, please go to:
>>>> http://www.scottklement.com/mailman/listinfo/ftpapi
>>>> -----------------------------------------------------------------------
>>>
>>> -----------------------------------------------------------------------
>>> This is the FTPAPI mailing list.  To unsubscribe, please go to:
>>> http://www.scottklement.com/mailman/listinfo/ftpapi
>>> -----------------------------------------------------------------------
>>>
>> -----------------------------------------------------------------------
>> This is the FTPAPI mailing list.  To unsubscribe, please go to:
>> http://www.scottklement.com/mailman/listinfo/ftpapi
>> -----------------------------------------------------------------------
>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list.  To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------
>
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

Follow-Ups:
- Re: NTLM Authentication Project
  - From: Loek Maartens
- Re: NTLM Authentication Project
  - From: Thomas Raddatz

References:
- NTLM Authentication Project
  - From: Thomas Raddatz
- Re: NTLM Authentication Project
  - From: Loek Maartens
- Re: NTLM Authentication Project
  - From: Thomas Raddatz
- Re: NTLM Authentication Project
  - From: Loek Maartens
- Re: NTLM Authentication Project
  - From: Thomas Raddatz
- Re: NTLM Authentication Project
  - From: Loek Maartens

Prev by Date: Re: NTLM Authentication Project
Next by Date: Re: NTLM Authentication Project
Previous by thread: Re: NTLM Authentication Project
Next by thread: Re: NTLM Authentication Project
Index(es):
- Date
- Thread