[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: HTTPAPI - Disable NTLM Support

From: <victor.j.l.parafina@xxxxxxxxxxxxx>
To: <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: HTTPAPI - Disable NTLM Support
Date: Thu, 21 Apr 2016 18:43:33 +0000

Hi Scott,

Version 1.32 fixed the error. Thanks a lot!!

Thanks,
Victor

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott Klement
Sent: Tuesday, April 19, 2016 3:31 PM
To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: HTTPAPI - Disable NTLM Support

Victor,

Sorry about the troubles.    I have had a fix for this error for awhile
now, however, it seems that I forgot to put it on my web site.

I've now uploaded version 1.32 that has a fix for this error.  Can you try it and see if it solves the problem for you?

Thanks!



On 4/18/2016 12:50 PM, victor.j.l.parafina@xxxxxxxxxxxxx wrote:
> Hi Scott,
>
> I am trying to perform a negative test in my interface by entering an invalid username and password. Previously, my interface is able to handle this scenario using HTTPAPI v1.24. I upgraded the HTTPAPI version to v1.31 and now I am having an error in module NTLMR4. Here is the error that I got:
>
> Length or start position is out of range for the string operation.
> Unmonitored exception at line 7535
>
> In line:
>
> token = %subst(tokens: start+1: offs-start);
>
> Here are the values in each variable:
>
> TOKENS = Basic realm=login
> START = 12
> OFFS = 2049
>
> I noticed that one major difference between the versions is the NTLM authentication. Thus, I am trying to disable it to skip going into this line.
>
> Thanks,
>
> Victor
>
> -----Original Message-----
> From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
> [mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott
> Klement
> Sent: Wednesday, April 13, 2016 1:45 AM
> To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: HTTPAPI - Disable NTLM Support
>
> Victor,
>
> We never intended for you to disable this manually...   The INSTALL
> program automatically enables/disables based on whether you are running
> V5R3 or newer.   In fact, that is the only reason there is an option to
> disable it at all -- because it won't work on releases older than V5R3.
> Otherwise we would never have given a disable option.
>
> Can you explain why you want to disable it?  If you don't need NTLM, just don't use it...
>
> -SK
>
>
>
> On 4/12/2016 2:47 AM, victor.j.l.parafina@xxxxxxxxxxxxx wrote:
>>      Hi,
>>
>>
>>      I am trying to disable NTLM Support during the installation of HTTPAPI
>>      1.31; however after completing the installation, it seems that the tool
>>      still supports NTLM authentication. What I have done is before creating
>>      the Install program, I manually updated the following lines in
>>      CONFIG_H:
>>
>>
>>      From:
>>
>>      D/define NTLM_SUPPORT
>>
>>
>>      To:
>>
>>      D/undefine NTLM_SUPPORT
>>
>>
>>      Once done, I continued with the installation setting the following
>>      items:
>>
>>
>>      Question
>>
>>                                                               Value
>>
>>      Would you like to build the sample programs?
>>
>>                                                               N
>>
>>      Would you like to build HTTPAPI with SSL support?
>>
>>                                                               Y
>>
>>      Would you like to build eXpat from source code?
>>
>>                                                               N
>>
>>      Would you like to compile support for eXpat into HTTPAPI?
>>
>>                                                               N
>>
>>
>>      After the installation, I checked the same file and has the NTLM
>>      Support option set as defined. I performed a debug and the program
>>      still goes on to the code in which the option NTLM support is defined.
>>      Please see example below:
>>
>>
>>        /if defined(NTLM_SUPPORT)
>>
>>       c                   callp     AuthPlugin_resetAuthentication()
>>
>>        /endif
>>
>>
>>      Are there any steps that I have missed in undefining NTLM support?
>>
>>
>>

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

References:
- HTTPAPI - Disable NTLM Support
  - From: victor.j.l.parafina
- Re: HTTPAPI - Disable NTLM Support
  - From: Scott Klement
- RE: HTTPAPI - Disable NTLM Support
  - From: victor.j.l.parafina
- Re: HTTPAPI - Disable NTLM Support
  - From: Scott Klement

Prev by Date: HTTPAPI O/S Version Upgrade Recommendations
Next by Date: RE: Memory leak in EXPAT?
Previous by thread: Re: HTTPAPI - Disable NTLM Support
Next by thread: HTTPAPI O/S Version Upgrade Recommendations
Index(es):
- Date
- Thread