You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Karl Wright (JIRA)" <ji...@apache.org> on 2012/11/30 18:33:58 UTC
[jira] [Created] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Karl Wright created HTTPCLIENT-1266:
---------------------------------------
Summary: Flag issues in NTLM implementation prevent authentication on some servers
Key: HTTPCLIENT-1266
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpAuth
Affects Versions: 4.2.2
Reporter: Karl Wright
At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Posted by "Gary Gregory (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13509819#comment-13509819 ]
Gary Gregory commented on HTTPCLIENT-1266:
------------------------------------------
It might be best to split this up in several Jiras and patches.
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1266
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.2
> Reporter: Karl Wright
> Fix For: Future
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13510359#comment-13510359 ]
Karl Wright commented on HTTPCLIENT-1266:
-----------------------------------------
I should also mention that this has an excellent chance of fixing HTTPCLIENT-1080 and HTTPCLIENT-1040, although I do not have the means of testing all configurations here.
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1266
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.2
> Reporter: Karl Wright
> Fix For: Future
>
> Attachments: HTTPCLIENT-1266.patch
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Karl Wright updated HTTPCLIENT-1266:
------------------------------------
Attachment: HTTPCLIENT-1266.patch
Trunk-based patch, for safe keeping. Still in the process of confirming that it works on real-world Windows systems; will update if needed.
Anyone who tries this patch, and has it fail, and where https is not involved, should send a packet capture to DaddyWri@gmail.com . I will guarantee confidentiality.
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1266
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.2
> Reporter: Karl Wright
> Fix For: Future
>
> Attachments: HTTPCLIENT-1266.patch
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Comment Edited] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13509850#comment-13509850 ]
Karl Wright edited comment on HTTPCLIENT-1266 at 12/4/12 4:52 PM:
------------------------------------------------------------------
It will have to be one patch, because it includes significant code reorganization as well. It's all within one class.
was (Author: kwright@metacarta.com):
It will have to be one patch, because it includes significant code reorganization as well.
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1266
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.2
> Reporter: Karl Wright
> Fix For: Future
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13510455#comment-13510455 ]
Karl Wright commented on HTTPCLIENT-1266:
-----------------------------------------
The tests require that some methods and classes have protected scope, otherwise I agree.
Please also remember that I am actively recruiting testers with varied environments, so there could be subsequent changes as a result of that effort. I will create new tickets if/when these situations arise.
Once logic has all been confirmed, I am curious whether it might be possible to include this in a point release of 4.2. But we will address that when everything is ready.
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1266
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.2
> Reporter: Karl Wright
> Fix For: 4.3 Alpha1
>
> Attachments: HTTPCLIENT-1266.patch
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski updated HTTPCLIENT-1266:
------------------------------------------
Fix Version/s: Future
Hi Karl
The truth is there is simply no one among the HC committers capable and willing to maintain the NTLM engine code. In fact, we even recommend JCIFS to be used instead, primarily for that reason.
I'll happily review and commit patches but will not actively investigate bug reports. There is actually already a few NTLM related issues, which are not very likely to get looked at and resolved (HTTPCLIENT-1040, HTTPCLIENT-1080).
Since this particular piece of code originates from and is being used by ManifoldCF, I was hoping some of your folks might want to take a leading role in maintaining it. I would happily do my part by tackling HC specific and administrative issues.
Oleg
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1266
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.2
> Reporter: Karl Wright
> Fix For: Future
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13509792#comment-13509792 ]
Karl Wright commented on HTTPCLIENT-1266:
-----------------------------------------
Code is written; writing fairly extensive tests now, and will try in the field before I attach a patch.
Several problems discovered - notably (so far):
- ntlmv2 response broken because blob too short by 8 bytes
- handling of "request ntlm2 response" not correct when target and targetinfo present (which apparently is the case now in the newest NTLM release by microsoft)
- missing "domain present" and "workstation present" flag settings in Type 1 message
I am also adding calculation of session key; this is done by cURL but is not particularly useful for HTTP interactions. We'll see how that works out in the end.
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1266
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.2
> Reporter: Karl Wright
> Fix For: Future
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13509850#comment-13509850 ]
Karl Wright commented on HTTPCLIENT-1266:
-----------------------------------------
It will have to be one patch, because it includes significant code reorganization as well.
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1266
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.2
> Reporter: Karl Wright
> Fix For: Future
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Posted by "Gary Gregory (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13509862#comment-13509862 ]
Gary Gregory commented on HTTPCLIENT-1266:
------------------------------------------
Please consider that when reviewing patches, it can be hard to distinguish fixes from reorgs. Doing this stages might smooth out the process. I'll leave it to Oleg to adjudicate though here ;)
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1266
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.2
> Reporter: Karl Wright
> Fix For: Future
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Updated] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Karl Wright updated HTTPCLIENT-1266:
------------------------------------
Description:
At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
Please see CONNECTORS-572 for details and research results.
was:
At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
Please see CONNECTORS-572 for details and research results.
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1266
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.2
> Reporter: Karl Wright
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13508347#comment-13508347 ]
Karl Wright commented on HTTPCLIENT-1266:
-----------------------------------------
We'll do our best - as you know this is largely driven by customer discovery. ManifoldCF is fortunate that we have a wide variety of customers out there, and we've been able in the past to leverage their infrastructure when problems arise.
If you bring issues to our attention where NTLM is concerned, and especially if you have clients willing to interact with me, there's a good chance we can work out issues and resolve them. The jcifs solution, as you well know, is not ideal because of the licensing. The current HttpComponents implementation is not actually broken very badly - over the weekend I discovered exactly what the issue is, and the fix is trivial. However, I will also take this opportunity to bring the implementation up to a higher level, since Microsoft has now published specifications of sorts on the protocol, so many opaque features are now clearer.
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1266
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.2
> Reporter: Karl Wright
> Fix For: Future
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Commented] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13508374#comment-13508374 ]
Oleg Kalnichevski commented on HTTPCLIENT-1266:
-----------------------------------------------
Karl
Our (more or less) official position regarding NTLM support can be found here [1]. JCIFS is recommended simply for practical reasons and we certainly would welcome improvements to the default implementation. It would great if someone could look into HTTPCLIENT-1080 and figure out where the default implementation was lacking compared to JCIFS.
Oleg
[1] http://hc.apache.org/httpcomponents-client-ga/ntlm.html
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1266
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.2
> Reporter: Karl Wright
> Fix For: Future
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
[jira] [Resolved] (HTTPCLIENT-1266) Flag issues in NTLM
implementation prevent authentication on some servers
Posted by "Oleg Kalnichevski (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski resolved HTTPCLIENT-1266.
-------------------------------------------
Resolution: Fixed
Fix Version/s: (was: Future)
4.3 Alpha1
I cannot do much as far as this patch is concerned other than saying it looks well written and comes with abundance of test cases. I am committing the patch as is. The only thing I would do is reducing visibility of all non-public method to package private.
Oleg
> Flag issues in NTLM implementation prevent authentication on some servers
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1266
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1266
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpAuth
> Affects Versions: 4.2.2
> Reporter: Karl Wright
> Fix For: 4.3 Alpha1
>
> Attachments: HTTPCLIENT-1266.patch
>
>
> At the ManifoldCF project, we've recently encountered two SharePoint servers (Windows 2008 Server R2) which seem to be configured in a way that the connector cannot authenticate with them using httpcomponents NTLM. It's worth noting that cURL succeeds, so the NTLM setup is apparently reasonable. Furthermore, the mcf patched version of commons-httpclient also fails in exactly the same way, so it looks like a long-standing issue.
> Working through the problem, it appears that the NTLM flags httpclient sends are, in some cases, inconsistent with the data we include. I am working on a httpclient patch, which I hope to be able to exercise in one of the client situations within the next week or two.
> Please see CONNECTORS-572 for details and research results.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org