Bug 58356 - NTLM (NT Lan Manager) authentication
Summary: NTLM (NT Lan Manager) authentication
Status: RESOLVED FIXED
Alias: None
Product: kio
Classification: Unmaintained
Component: general (show other bugs)
Version: unspecified
Platform: Mandrake RPMs Linux
: NOR wishlist
Target Milestone: ---
Assignee: Unassigned bugs mailing-list
URL:
Keywords:
: 35592 55915 64859 70000 (view as bug list)
Depends on:
Blocks:
 
Reported: 2003-05-11 23:17 UTC by Simon Andersen
Modified: 2004-09-22 14:26 UTC (History)
7 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Simon Andersen 2003-05-11 23:17:54 UTC
Version:            (using KDE KDE 3.1)
Installed from:    Mandrake RPMs
OS:          Linux

It is possible to authenticate via an MS Proxy Server using the NTLM protocol by running the 'NTLM Authorization Proxy Server' ( http://www.geocities.com/rozmanov/ntlm/ ). But it would be nice to have this feature implemented in Konqueror, so I don't need to start the proxy server everytime I have to log in. 

A lot of information can be found at http://www.geocities.com/rozmanov/ntlm/ .

I believe NTLM authentication is supported in Mozilla 1.4 beta.
Comment 1 Thiago Macieira 2003-05-12 01:03:01 UTC
For future reference: page on NTLM: http://www.innovation.ch/java/ntlm.html 
 
And just so that it is noted: the page starts with "This is an attempt at documenting 
the undocumented NTLM authentication scheme (...)". As such, we can already 
make no promises. And Microsoft can simply flip a switch and break all 
compatibility. 
 
Comment 2 Daniel Molkentin 2003-09-24 11:55:09 UTC
*** Bug 64859 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Molkentin 2003-09-24 11:58:18 UTC
*** Bug 55915 has been marked as a duplicate of this bug. ***
Comment 4 Daniel Molkentin 2003-09-24 11:59:01 UTC
*** Bug 37373 has been marked as a duplicate of this bug. ***
Comment 5 Daniel Molkentin 2003-09-24 12:02:39 UTC
*** Bug 35592 has been marked as a duplicate of this bug. ***
Comment 6 Thiago Macieira 2003-09-24 16:41:39 UTC
Since there is more than one ioslave that would benefit from this, NTLM should be implemented in KIO 
general (if ever). So I'm reassigning. 
 
If someone wants to take shots at implementing this, feel free to do so and attach patches to this bug 
report. 
Comment 7 Marc Mutz 2003-10-02 23:30:49 UTC
gsasl supports NTLM. 
Comment 8 Martijn Klingens 2003-12-03 11:18:55 UTC
Squid 2.5 supports it too. They implemented it with the help of the Samba team.

If someone implements this, I can test both squid access and web server access through NTLM at work. (Although NTLM web server access through an NTLM proxy is impossible with Squid. Does MS' own proxy support that?)

Martijn
Comment 9 Martin Koller 2003-12-03 12:26:30 UTC
See PAN from gnome - this is what I found on http://pan.rebelbase.com/ 
 
 "Added support for Microsoft Secure Password Authentication ("SPA") so that Pan will work with Microsoft NNTP servers. Thanks to the Samba team for writing the SPA authentication code and to Marc Prud'hommeaux for plugging it into Pan! " 

Although with MS-Exchange 5 this did not work with the version I tried (pan-0.12.93), but even with a recent version it did not work. I sent them a patch for 0.12.93.
 
Comment 10 Martijn Klingens 2003-12-03 12:37:10 UTC
SPA is not supported in either MS IE for proxy auth or web server auth. Even MS IIS 6 (Windows 2003) only supports NTLM next to basic and digest auth.The new authentication approach MS is taking is .NET passport auth, which is new in Win2k3, but AFAIK that's not SPA.

Martijn
Comment 11 Thiago Macieira 2003-12-10 15:19:58 UTC
*** Bug 70000 has been marked as a duplicate of this bug. ***
Comment 12 Thiago Macieira 2003-12-10 15:21:12 UTC
Bug #70000 contains more links and information.
Comment 13 Andrew Bartlett 2003-12-31 03:54:58 UTC
Just a quick note to say the NTLMSSP is in Cyrus-SASL, and that I have recently submitted a patch to make it use ntlm_auth (and therefore Samba's NTLMSSP code).

Likewise, KDE could also use ntlm_auth in client-mode directly.  (you need current CVS, or 3.0.2 when it is released).

I'm happy to help in any way I can.

Andrew Bartlett
abartlet@samba.org
Comment 14 Daniel Molkentin 2004-04-02 01:16:16 UTC
*** Bug 78875 has been marked as a duplicate of this bug. ***
Comment 15 Jason Keirstead 2004-04-16 02:41:12 UTC
Note that bug 78875, marked as a duplicate,w as a request for NTLM authentication for the IMAP IO slave.

Just making a note so it does not get forgotten in cause the auth. is added to the HTTP IO slave and someone wants to close this.
Comment 16 Udo 2004-05-08 13:27:44 UTC
My company switched to MS Outlook Web Access.
Trying to connect by konqueror did not work
(authentification failed).

I traced down the problem to NTLM.
And for whatever reason, the APS NTLM proxy server
does not run on my box.

So the last solution was to download firefox -
and it is working.

I encourage you to implement NTLM in KDE (I am using 3.2.1),
because it is really a pitty that I have to use
firefox now...

Regards,
Udo
Comment 17 Jason Keirstead 2004-05-09 18:47:35 UTC
I am personally working on implementing NTLM for the IMAP I/O slave. Expect a patch soon.
Comment 18 Jesper Krogh 2004-05-19 07:56:20 UTC
NTLM is often used for single-sign-on ind Windows environments, since ISS can be configured to let people in based on the credentials supplied to the windows client upon logon. 

Mozilla and Firefox has for the past few releases had NTLM support for webservers.

Like apache can be configured to accept NTLM logon and validation of passwords to a Windows server with things like mod_ntlm or Apache::AuthenNTLM. 

If this could be integrated into "kdm" so the linux-login credentials could be used for further NTLM authentication, Linux/KDE would almost integrate into a windows environment as smothly as Windows itself. 
Comment 19 Waldo Bastian 2004-09-22 14:11:48 UTC
NTLM authentication for HTTP(S) has been added to CVS HEAD today, thanks to
Karsten Künne.

If enough people give it some testing this week and report their findings on kfm-devel@kde.org there is even a chance it can get backported for KDE 3.3.1
Comment 20 Waldo Bastian 2004-09-22 14:26:16 UTC
*** Bug has been marked as fixed ***.