[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NTLM Authentication Project
Thomas,
Not sure. Maybe Scott can provide a bit more insight. It seems to be due to
the following, also from the preiously quoted message:
"Technically, the keep-alive HTTP header should be ignored by any HTTP/1.1
compliant web server. It's an older, HTTP/1.0 keyword. HTTP/1.1 is
persistent by default, and that functionality is turned off by specifying
Connection: close (instead of being turned on by specifying a keep-alive
value) "
Maybe that in itself at least explains the behaviour of HTTPAPI.
Kind regards,
Loek.
----- Original Message -----
From: "Thomas Raddatz" <thomas.raddatz@xxxxxxxxxxx>
To: "HTTPAPI and FTPAPI Projects" <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Sunday, April 22, 2012 5:40 PM
Subject: Re: NTLM Authentication Project
> Loek,
>
> For sure it is not a problem to add the "keep-alive" header to the http
> request chain. The problem I see is that HTTP API calls
> http_persist_open()
> and http_persist_close() each time it sends a request. This way the
> "keep-alive" header does not have any effect.
>
> Am I missing something or did I do something wrong?
>
> Thomas.
>
> Am 22.04.2012 17:10, schrieb Loek Maartens:
>> Hi Thomas,
>>
>> Scott mentions this in an aside remark in this message:
>>
>> Re: (GSKit) I/O: A connection with a remote socket was reset by that
>> socket.
>> of wednesday, 1 juni 2005 18:43.
>>
>> " If you wanted to specify this keyword with HTTPAPI, you could do so by
>> registering an "additional header" exit proc, and adding the Connection:
>> keep-alive and keep-alive: 300 data to the header. "
>>
>> Kind regards,
>>
>> Loek Maartens.
>>
>>
>>
>> ----- Original Message -----
>> From: "Thomas Raddatz"<thomas.raddatz@xxxxxxxxxxx>
>> To: "HTTPAPI and FTPAPI Projects"<ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
>> Sent: Sunday, April 22, 2012 4:34 PM
>> Subject: Re: NTLM Authentication Project
>>
>>
>>> Loek,
>>>
>>> Thank you so much for this specific link. It exactly describes what I
>>> mentioned in my first posting about the "keep-alive" header:
>>>
>>> "As mentioned above, this scheme authenticates connections, not requests
>>> ..."
>>>
>>> Now that we know that the connection must be kept alive between the
>>> type-2
>>> and type-3 messages, the next question is: How can we improve HTTP API
>>> to
>>> support persistent connections.
>>>
>>> Regards,
>>>
>>> Thomas.
>>>
>>> Am 22.04.2012 15:55, schrieb Loek Maartens:
>>>> Hi Thomas,
>>>>
>>>> Also an additional resource is:
>>>>
>>>> http://www.innovation.ch/personal/ronald/ntlm.html
>>>>
>>>> Kind regards,
>>>>
>>>> Loek Maartens.
>>>>
>>>>
>>>> ----- Original Message -----
>>>> From: "Thomas Raddatz"<thomas.raddatz@xxxxxxxxxxx>
>>>> To: "HTTPAPI and FTPAPI Projects"<ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
>>>> Sent: Sunday, April 22, 2012 3:38 PM
>>>> Subject: Re: NTLM Authentication Project
>>>>
>>>>
>>>>> Loek,
>>>>>
>>>>> Thank you for your response. Do you mean this document:
>>>>>
>>>>>
>>>>> http://www.devshed.com/c/a/Administration/Authentication-in-Samba/1/
>>>>>
>>>>> The documentation that I used so far is:
>>>>>
>>>>> http://davenport.sourceforge.net/ntlm.html#type3MessageExample
>>>>> http://jcifs.samba.org/ (Java source code)
>>>>>
>>>>> http://msdn.microsoft.com/en-us/library/cc236621%28v=prot.13%29.aspx
>>>>>
>>>>> http://mxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNTLMAuthModule.cpp
>>>>> (c++ Firefox source code)
>>>>>
>>>>> My current service program follows the "jcifs.samba.org"
>>>>> implementation.
>>>>>
>>>>> Actually everything seems to be simple. I do not know what I am doing
>>>>> wrong. It must be something obvious.
>>>>>
>>>>> Thomas.
>>>>>
>>>>> Am 22.04.2012 15:12, schrieb Loek Maartens:
>>>>>> Hi Thomas,
>>>>>>
>>>>>> I do not have any experience with the MS NTLM api, but just found a
>>>>>> PDF
>>>>>> document from MS detailing the HTTP use of NTLM;
>>>>>>
>>>>>> I just googled with {NTLMv1, the actual protocol details} and found a
>>>>>> very
>>>>>> details API specification as the second document presented.
>>>>>>
>>>>>> Hope to help,
>>>>>>
>>>>>> Loek Maartens.
>>>>>>
>>>>>> ----- Original Message -----
>>>>>> From: "Thomas Raddatz"<thomas.raddatz@xxxxxxxxxxx>
>>>>>> To: "HTTPAPI and FTPAPI Projects"<ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
>>>>>> Sent: Sunday, April 22, 2012 2:22 PM
>>>>>> Subject: NTLM Authentication Project
>>>>>>
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Is there somebody who has experiences in using the NTLM
>>>>>>> authentication
>>>>>>> mechanism? I am trying to add NTLM authentication to HTTP API with
>>>>>>> less
>>>>>>> success so far.
>>>>>>>
>>>>>>> Although all my RPGUnit test cases show "green" for all the various
>>>>>>> procedures for calculating this and that, I cannot successfully
>>>>>>> connect
>>>>>>> to
>>>>>>> the IIS server on my local desktop PC. I always get a 401 "Access
>>>>>>> Denied"
>>>>>>> error message.
>>>>>>>
>>>>>>> I must be doing something wrong. Most likely it is something
>>>>>>> obviously
>>>>>>> that
>>>>>>> I do not see. One thing I have in mind is the "keep-alive" header.
>>>>>>> When
>>>>>>> I
>>>>>>> connect from my PC to the IIS on a virtual machine, I can see that
>>>>>>> both
>>>>>>> (client and server) set the "keep-alive" header and that the
>>>>>>> NTLMSSP_NEGOTIATE and NTLMSSP_AUTH messages are send through the
>>>>>>> same
>>>>>>> port.
>>>>>>> As far as I understand HTTP API, HTTP API does not support the
>>>>>>> "keep-alive"
>>>>>>> header and hence my RPG program uses different ports to send these
>>>>>>> messages.
>>>>>>>
>>>>>>> I gladly provide more details or my test library to everyone how
>>>>>>> want
>>>>>>> to
>>>>>>> join me.
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Thomas.
>>>>>>> -----------------------------------------------------------------------
>>>>>>> This is the FTPAPI mailing list. To unsubscribe, please go to:
>>>>>>> http://www.scottklement.com/mailman/listinfo/ftpapi
>>>>>>> -----------------------------------------------------------------------
>>>>>>
>>>>>> -----------------------------------------------------------------------
>>>>>> This is the FTPAPI mailing list. To unsubscribe, please go to:
>>>>>> http://www.scottklement.com/mailman/listinfo/ftpapi
>>>>>> -----------------------------------------------------------------------
>>>>>>
>>>>> -----------------------------------------------------------------------
>>>>> This is the FTPAPI mailing list. To unsubscribe, please go to:
>>>>> http://www.scottklement.com/mailman/listinfo/ftpapi
>>>>> -----------------------------------------------------------------------
>>>>
>>>> -----------------------------------------------------------------------
>>>> This is the FTPAPI mailing list. To unsubscribe, please go to:
>>>> http://www.scottklement.com/mailman/listinfo/ftpapi
>>>> -----------------------------------------------------------------------
>>>>
>>> -----------------------------------------------------------------------
>>> This is the FTPAPI mailing list. To unsubscribe, please go to:
>>> http://www.scottklement.com/mailman/listinfo/ftpapi
>>> -----------------------------------------------------------------------
>>
>> -----------------------------------------------------------------------
>> This is the FTPAPI mailing list. To unsubscribe, please go to:
>> http://www.scottklement.com/mailman/listinfo/ftpapi
>> -----------------------------------------------------------------------
>>
> -----------------------------------------------------------------------
> This is the FTPAPI mailing list. To unsubscribe, please go to:
> http://www.scottklement.com/mailman/listinfo/ftpapi
> -----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------