Tag: Apache, Apache / Home

Apache

NAVIGATION
CATEGORIES
REFERRENCE
LINKS
Home » Apache

  • NTLM Authentication Limitations

    1 answers - 1031 bytes - related search similar search Add To My Delicious Add To My Stumble Upon Add To My Google Mark Add To My Facebook Add To My Digg Add To My Reddit

    Apologies for the intrusion, just wanted to pass on the following
    in-case anyone runs across it.
    We are using Axis to communicate with a windows web service that
    requires NTLM authentication. Everything was working super (thanks to
    all the hard work everyone!), then we ran into a problem with one
    particular user.
    After much investigation, it turned out that this was because his
    password was 15 characters. NTLM v1 (used by Apache HttpClient) is
    limited to 14 bytes for the password. In the windows world this
    doesn't cause a problem as the clients can use NTLMv2, but it means
    that a java client must use credentials with less than 14 bytes to be
    able to inter-operate.
    Just thought I'd mention it. It isn't a bug, more a known limitation
    - but hard to diagnose from the symptoms. It might be worth a patch
    to throw an error if axis is passed credentials with greater than 14
    bytes - let me know if you want me to submit this.
    Thanks,
    Martin.

  • No.1 | | 1262 bytes | |

    Martin,

    Could u please raise this as an issue against Commons HTTPclient?

    thanks,
    dims

    1/17/06, Martin Woodward <martin.woodward (AT) gmail (DOT) comwrote:
    Apologies for the intrusion, just wanted to pass on the following
    in-case anyone runs across it.

    We are using Axis to communicate with a windows web service that
    requires NTLM authentication. Everything was working super (thanks to
    all the hard work everyone!), then we ran into a problem with one
    particular user.

    After much investigation, it turned out that this was because his
    password was 15 characters. NTLM v1 (used by Apache HttpClient) is
    limited to 14 bytes for the password. In the windows world this
    doesn't cause a problem as the clients can use NTLMv2, but it means
    that a java client must use credentials with less than 14 bytes to be
    able to inter-operate.

    Just thought I'd mention it. It isn't a bug, more a known limitation
    - but hard to diagnose from the symptoms. It might be worth a patch
    to throw an error if axis is passed credentials with greater than 14
    bytes - let me know if you want me to submit this.

    Thanks,

    Martin.

    --

    http://www.woodwardweb.com

Re: NTLM Authentication Limitations


max 4000 letters.
Your nickname that display:
In order to stop the spam: 4 + 4 =
QUESTION ON "Apache"

EMSDN.COM