You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-user@axis.apache.org by Alex Mantaut <al...@intraway.com> on 2012/11/02 14:39:08 UTC
Re: NTLM authentication
Hi All,
I've been trying to test ntlm authentication through libntlm, but
I had some problems...
The ntlm session authentication consists in 4 steps,
- the client issues a negotiate message (type 1 message)
- the server responds a forbidden message, and sends an ntlm challenge
(which will be used to hash the authenticate message) (type 2 message)
- the client sends an authenticate message (type 3 message)
- the server responds ok.
I've tried to connect but there seems to be a problem because my client
always sends the negotiate message, but never receives the challenge
message..
Well, I've been capturing the requests and respond messages,looked trough
the jira tickets and the NTLM standard doc, and there seems to be a problem
in the negotiate message, it's supposed to have an empty body, but axis2c
always sends the body message in the request... I think this may cause the
server not to send the challenge... In
https://issues.apache.org/jira/browse/AXIS2C-1372, there seemed to be a
similar issue with libcurl...
I've looked a lot through the http_sender code but I'm not sure on how to
disable sending the message body... Can anyone help me with this, in order
to make libntlm work?
Also, anyone could make libntlm work and tested it? Damitha?
What is the status on the licensing issue for libtnlm? can it be included
in the repo??
Thanks for everything
On Wed, Oct 24, 2012 at 12:04 AM, Dinesh Weerapurage <xy...@gmail.com>wrote:
> Hi Alex,
>
> These posts might be helpful
>
> http://goo.gl/he2Hq
>
>
> http://damithakumarage.wordpress.com/2011/06/02/ntlm-auth-support-for-axis2c/
>
> thanks,
> Dinesh.
>
> On Tue, Oct 23, 2012 at 12:56 PM, Alex Mantaut <al...@intraway.com>wrote:
>
>> Hi,
>> I need to implement a client with NTLM authentication (without a
>> proxy)... I looked into the different alternatives to it in trunk and RC6
>> and I'm not sure on what is the best library to do this...
>> Can I use libcurl to do this? I looked into the libntlm wrapper code
>> and it seems empty... Can someone provide a simple example of a ntlm client
>> that works with one of those libraries?
>>
>> Thanks for everything
>>
>> --
>> --
>> Mantaut Alex
>> Intraway Corp.
>>
>> +54 (11) 6040-4000
>> MSN: alex.mantaut@intraway.com
>>
>> Visit our website at http://www.intraway.com
>> Proud to be an ISO 9001:2008 certified compan
>>
>>
>
--
--
Mantaut Alex
Intraway Corp.
+54 (11) 6040-4000
MSN: alex.mantaut@intraway.com
Visit our website at http://www.intraway.com
Proud to be an ISO 9001:2008 certified company
Re: NTLM authentication
Posted by Alex Mantaut <al...@intraway.com>.
There, I've created a new patch based on trunk code... I've attached it to
the issue.
Regards
On Wed, Nov 7, 2012 at 11:58 PM, Dinesh Weerapurage <xy...@gmail.com>wrote:
> Alex, since you already got it working could you generate a patch from
> your trunk please ? Please go ahead and attach the new patch into the above
> issue.
>
> thanks,
> Dinesh.
>
> On Fri, Nov 2, 2012 at 1:56 PM, Alex Mantaut <al...@intraway.com>wrote:
>
>> Well, I kind of desisted on using libntlm to connect to an NTLM server...
>> The code I could find on that didn't worked...
>> Instead I tried the libcurl authentication code on this tck
>> https://issues.apache.org/jira/browse/AXIS2C-1370 and it works fine, and
>> it supports more authentication protocols than libntlm... Can someone
>> commit this code to trunk? or is it necessary some more work on this tck?
>>
>> Dinesh, Can we incorporate this code on the new RC? (The patches are a
>> little outdated so I needed to apply manually to the code, but they work
>> perfectly)
>>
>> Regards
>>
>>
>>
>> On Fri, Nov 2, 2012 at 10:39 AM, Alex Mantaut <al...@intraway.com>wrote:
>>
>>> Hi All,
>>> I've been trying to test ntlm authentication through libntlm,
>>> but I had some problems...
>>> The ntlm session authentication consists in 4 steps,
>>>
>>> - the client issues a negotiate message (type 1 message)
>>> - the server responds a forbidden message, and sends an ntlm challenge
>>> (which will be used to hash the authenticate message) (type 2 message)
>>> - the client sends an authenticate message (type 3 message)
>>> - the server responds ok.
>>>
>>> I've tried to connect but there seems to be a problem because my client
>>> always sends the negotiate message, but never receives the challenge
>>> message..
>>>
>>> Well, I've been capturing the requests and respond messages,looked
>>> trough the jira tickets and the NTLM standard doc, and there seems to be a
>>> problem in the negotiate message, it's supposed to have an empty body, but
>>> axis2c always sends the body message in the request... I think this may
>>> cause the server not to send the challenge... In
>>> https://issues.apache.org/jira/browse/AXIS2C-1372, there seemed to be a
>>> similar issue with libcurl...
>>>
>>> I've looked a lot through the http_sender code but I'm not sure on how
>>> to disable sending the message body... Can anyone help me with this, in
>>> order to make libntlm work?
>>>
>>> Also, anyone could make libntlm work and tested it? Damitha?
>>> What is the status on the licensing issue for libtnlm? can it be
>>> included in the repo??
>>>
>>> Thanks for everything
>>>
>>>
>>>
>>>
>>> On Wed, Oct 24, 2012 at 12:04 AM, Dinesh Weerapurage <xydinesh@gmail.com
>>> > wrote:
>>>
>>>> Hi Alex,
>>>>
>>>> These posts might be helpful
>>>>
>>>> http://goo.gl/he2Hq
>>>>
>>>>
>>>> http://damithakumarage.wordpress.com/2011/06/02/ntlm-auth-support-for-axis2c/
>>>>
>>>> thanks,
>>>> Dinesh.
>>>>
>>>> On Tue, Oct 23, 2012 at 12:56 PM, Alex Mantaut <
>>>> alex.mantaut@intraway.com> wrote:
>>>>
>>>>> Hi,
>>>>> I need to implement a client with NTLM authentication (without a
>>>>> proxy)... I looked into the different alternatives to it in trunk and RC6
>>>>> and I'm not sure on what is the best library to do this...
>>>>> Can I use libcurl to do this? I looked into the libntlm wrapper
>>>>> code and it seems empty... Can someone provide a simple example of a ntlm
>>>>> client that works with one of those libraries?
>>>>>
>>>>> Thanks for everything
>>>>>
>>>>>
>>>>> --
>>>>> --
>>>>> Mantaut Alex
>>>>> Intraway Corp.
>>>>>
>>>>> +54 (11) 6040-4000 begin_of_the_skype_highlighting FREE +54 (11)
>>>>> 6040-4000end_of_the_skype_highlighting <%2B54%20%2811%29%206040-4000>
>>>>>
>>>>> MSN: alex.mantaut@intraway.com
>>>>>
>>>>>
>>>>> Visit our website at http://www.intraway.com
>>>>> Proud to be an ISO 9001:2008 certified compan
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> --
>>> Mantaut Alex
>>> Intraway Corp.
>>>
>>> +54 (11) 6040-4000
>>> MSN: alex.mantaut@intraway.com
>>>
>>> Visit our website at http://www.intraway.com
>>>
>>> Proud to be an ISO 9001:2008 certified company
>>>
>>>
>>
>>
>> --
>> --
>> Mantaut Alex
>> Intraway Corp.
>>
>> +54 (11) 6040-4000
>> MSN: alex.mantaut@intraway.com
>>
>> Visit our website at http://www.intraway.com
>> Proud to be an ISO 9001:2008 certified company
>>
>>
>
--
--
Mantaut Alex
Intraway Corp.
+54 (11) 6040-4000
MSN: alex.mantaut@intraway.com
Visit our website at http://www.intraway.com
Proud to be an ISO 9001:2008 certified company
Re: NTLM authentication
Posted by Dinesh Weerapurage <xy...@gmail.com>.
Alex, since you already got it working could you generate a patch from your
trunk please ? Please go ahead and attach the new patch into the above
issue.
thanks,
Dinesh.
On Fri, Nov 2, 2012 at 1:56 PM, Alex Mantaut <al...@intraway.com>wrote:
> Well, I kind of desisted on using libntlm to connect to an NTLM server...
> The code I could find on that didn't worked...
> Instead I tried the libcurl authentication code on this tck
> https://issues.apache.org/jira/browse/AXIS2C-1370 and it works fine, and
> it supports more authentication protocols than libntlm... Can someone
> commit this code to trunk? or is it necessary some more work on this tck?
>
> Dinesh, Can we incorporate this code on the new RC? (The patches are a
> little outdated so I needed to apply manually to the code, but they work
> perfectly)
>
> Regards
>
>
>
> On Fri, Nov 2, 2012 at 10:39 AM, Alex Mantaut <al...@intraway.com>wrote:
>
>> Hi All,
>> I've been trying to test ntlm authentication through libntlm,
>> but I had some problems...
>> The ntlm session authentication consists in 4 steps,
>>
>> - the client issues a negotiate message (type 1 message)
>> - the server responds a forbidden message, and sends an ntlm challenge
>> (which will be used to hash the authenticate message) (type 2 message)
>> - the client sends an authenticate message (type 3 message)
>> - the server responds ok.
>>
>> I've tried to connect but there seems to be a problem because my client
>> always sends the negotiate message, but never receives the challenge
>> message..
>>
>> Well, I've been capturing the requests and respond messages,looked trough
>> the jira tickets and the NTLM standard doc, and there seems to be a problem
>> in the negotiate message, it's supposed to have an empty body, but axis2c
>> always sends the body message in the request... I think this may cause the
>> server not to send the challenge... In
>> https://issues.apache.org/jira/browse/AXIS2C-1372, there seemed to be a
>> similar issue with libcurl...
>>
>> I've looked a lot through the http_sender code but I'm not sure on how to
>> disable sending the message body... Can anyone help me with this, in order
>> to make libntlm work?
>>
>> Also, anyone could make libntlm work and tested it? Damitha?
>> What is the status on the licensing issue for libtnlm? can it be included
>> in the repo??
>>
>> Thanks for everything
>>
>>
>>
>>
>> On Wed, Oct 24, 2012 at 12:04 AM, Dinesh Weerapurage <xy...@gmail.com>wrote:
>>
>>> Hi Alex,
>>>
>>> These posts might be helpful
>>>
>>> http://goo.gl/he2Hq
>>>
>>>
>>> http://damithakumarage.wordpress.com/2011/06/02/ntlm-auth-support-for-axis2c/
>>>
>>> thanks,
>>> Dinesh.
>>>
>>> On Tue, Oct 23, 2012 at 12:56 PM, Alex Mantaut <
>>> alex.mantaut@intraway.com> wrote:
>>>
>>>> Hi,
>>>> I need to implement a client with NTLM authentication (without a
>>>> proxy)... I looked into the different alternatives to it in trunk and RC6
>>>> and I'm not sure on what is the best library to do this...
>>>> Can I use libcurl to do this? I looked into the libntlm wrapper code
>>>> and it seems empty... Can someone provide a simple example of a ntlm client
>>>> that works with one of those libraries?
>>>>
>>>> Thanks for everything
>>>>
>>>> --
>>>> --
>>>> Mantaut Alex
>>>> Intraway Corp.
>>>>
>>>> +54 (11) 6040-4000 begin_of_the_skype_highlighting FREE +54 (11)
>>>> 6040-4000end_of_the_skype_highlighting <%2B54%20%2811%29%206040-4000>
>>>>
>>>> MSN: alex.mantaut@intraway.com
>>>>
>>>> Visit our website at http://www.intraway.com
>>>> Proud to be an ISO 9001:2008 certified compan
>>>>
>>>>
>>>
>>
>>
>> --
>> --
>> Mantaut Alex
>> Intraway Corp.
>>
>> +54 (11) 6040-4000
>> MSN: alex.mantaut@intraway.com
>>
>> Visit our website at http://www.intraway.com
>>
>> Proud to be an ISO 9001:2008 certified company
>>
>>
>
>
> --
> --
> Mantaut Alex
> Intraway Corp.
>
> +54 (11) 6040-4000
> MSN: alex.mantaut@intraway.com
>
> Visit our website at http://www.intraway.com
> Proud to be an ISO 9001:2008 certified company
>
>
Re: NTLM authentication
Posted by Alex Mantaut <al...@intraway.com>.
Well, I kind of desisted on using libntlm to connect to an NTLM server...
The code I could find on that didn't worked...
Instead I tried the libcurl authentication code on this tck
https://issues.apache.org/jira/browse/AXIS2C-1370 and it works fine, and it
supports more authentication protocols than libntlm... Can someone commit
this code to trunk? or is it necessary some more work on this tck?
Dinesh, Can we incorporate this code on the new RC? (The patches are a
little outdated so I needed to apply manually to the code, but they work
perfectly)
Regards
On Fri, Nov 2, 2012 at 10:39 AM, Alex Mantaut <al...@intraway.com>wrote:
> Hi All,
> I've been trying to test ntlm authentication through libntlm, but
> I had some problems...
> The ntlm session authentication consists in 4 steps,
>
> - the client issues a negotiate message (type 1 message)
> - the server responds a forbidden message, and sends an ntlm challenge
> (which will be used to hash the authenticate message) (type 2 message)
> - the client sends an authenticate message (type 3 message)
> - the server responds ok.
>
> I've tried to connect but there seems to be a problem because my client
> always sends the negotiate message, but never receives the challenge
> message..
>
> Well, I've been capturing the requests and respond messages,looked trough
> the jira tickets and the NTLM standard doc, and there seems to be a problem
> in the negotiate message, it's supposed to have an empty body, but axis2c
> always sends the body message in the request... I think this may cause the
> server not to send the challenge... In
> https://issues.apache.org/jira/browse/AXIS2C-1372, there seemed to be a
> similar issue with libcurl...
>
> I've looked a lot through the http_sender code but I'm not sure on how to
> disable sending the message body... Can anyone help me with this, in order
> to make libntlm work?
>
> Also, anyone could make libntlm work and tested it? Damitha?
> What is the status on the licensing issue for libtnlm? can it be included
> in the repo??
>
> Thanks for everything
>
>
>
>
> On Wed, Oct 24, 2012 at 12:04 AM, Dinesh Weerapurage <xy...@gmail.com>wrote:
>
>> Hi Alex,
>>
>> These posts might be helpful
>>
>> http://goo.gl/he2Hq
>>
>>
>> http://damithakumarage.wordpress.com/2011/06/02/ntlm-auth-support-for-axis2c/
>>
>> thanks,
>> Dinesh.
>>
>> On Tue, Oct 23, 2012 at 12:56 PM, Alex Mantaut <alex.mantaut@intraway.com
>> > wrote:
>>
>>> Hi,
>>> I need to implement a client with NTLM authentication (without a
>>> proxy)... I looked into the different alternatives to it in trunk and RC6
>>> and I'm not sure on what is the best library to do this...
>>> Can I use libcurl to do this? I looked into the libntlm wrapper code
>>> and it seems empty... Can someone provide a simple example of a ntlm client
>>> that works with one of those libraries?
>>>
>>> Thanks for everything
>>>
>>> --
>>> --
>>> Mantaut Alex
>>> Intraway Corp.
>>>
>>> +54 (11) 6040-4000
>>> MSN: alex.mantaut@intraway.com
>>>
>>> Visit our website at http://www.intraway.com
>>> Proud to be an ISO 9001:2008 certified compan
>>>
>>>
>>
>
>
> --
> --
> Mantaut Alex
> Intraway Corp.
>
> +54 (11) 6040-4000
> MSN: alex.mantaut@intraway.com
>
> Visit our website at http://www.intraway.com
>
> Proud to be an ISO 9001:2008 certified company
>
>
--
--
Mantaut Alex
Intraway Corp.
+54 (11) 6040-4000
MSN: alex.mantaut@intraway.com
Visit our website at http://www.intraway.com
Proud to be an ISO 9001:2008 certified company