You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Karl Wright (JIRA)" <ji...@apache.org> on 2014/03/21 12:06:43 UTC

[jira] [Commented] (HTTPCLIENT-1488) Built-in NTLM engine fails to authenticate against Squids ntlm_fake_auth, JCIFS doesn't

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13942964#comment-13942964 ] 

Karl Wright commented on HTTPCLIENT-1488:
-----------------------------------------

Hi Andreas,

Can you provide a stack trace of the actual error you are seeing?

In general though, it's difficult enough to make sure an NTLM engine authenticates properly against all the varieties and configurations of Windows, let alone some third party's attempt to emulate Windows.  The JCIFS implementation is notable because it does the minimum possible to perform the authentication; it's not surprising at all that the current HttpClient implementation would be more careful and more restrictive.

If you can show that all versions of Windows successfully authenticate against Squid's fake ntlm implementation, then I think you have a case; until then, you might be better served opening a ticket against Squid. ;-)
 

> Built-in NTLM engine fails to authenticate against Squids ntlm_fake_auth, JCIFS doesn't
> ---------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1488
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1488
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.3.3
>         Environment: Squid 4.3.3
> JCIFS 1.3.17
>            Reporter: Andreas Sewe
>         Attachments: builtin.pcap.gz, jcfis.pcap.gz
>
>
> I used the provided ClientProxyAuthentication example <https://hc.apache.org/httpcomponents-client-4.2.x/httpclient/examples/org/apache/http/examples/client/ClientProxyAuthentication.java> to authenticate with NTML against a local Squid instance, using its ntlm_fake_auth helper (only does the handshake, all credentials are considered valid).
> Unfortunately, this fails with the NTLM engine built into version 4.3.3 (also tested with 4.2.1: same result). Following the guidance of <http://hc.apache.org/httpcomponents-client-ga/ntlm.html>, I got it working with JCIFS. Is Squid not implementing NTLM as expected by HttpComponents?
> I added two Wireshark captures to show the differences in handshake behaviour between the built-in and JCIFS engines. Hope that helps.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org