Bug 202379

Summary: Bad way of performaing NTLM authentication
Product: [Applications] konqueror Reporter: Vincent Panel <bugs.kde.org>
Component: generalAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED DUPLICATE    
Severity: normal CC: adawit
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: konqueror and firefox HTTP session

Description Vincent Panel 2009-08-03 12:11:15 UTC 
Version:            (using Devel)
OS:                Linux
Installed from:    Compiled sources

Since KDE 4.1, I am not able to access an internal site here using NTLM authentication. Firefox is able to access to it. I thought it was due to NTLMv2 not being supported, but I was wrong.

I've finally decided to run wireshark and discovered NTMLv1 is being used to authenticate to the website and konqueror does actually try to authenticate but with wrong credentials, hence the website denies access.

Inside the packet sniff, wireshark is not able to find the correct username when I use konqueror (only the first letter of the username seems to be sent over the wire). I've also sniffed the firefox NTLM auth and wireshark is displaying the full correct username.

I would like to attach the pcap so that you can see yourself, but need to sanitize it before sending it online. I try to find a method, unless I can send it to you in private.
Comment 1 Vincent Panel 2009-08-03 12:33:08 UTC 
Created attachment 35809 [details]
konqueror and firefox HTTP session

Arf, I attach the not-sanitized pcap, nothing is confidential anyway...
Comment 2 Dawit Alemayehu 2011-10-25 07:47:48 UTC 
Is this still the case with KDE v4.7 and up ? A lot of fixes went on to address NTLM related authentication issues prior to KDE 4.4 or 4.5 release.
Comment 3 Dawit Alemayehu 2011-10-28 17:04:07 UTC 
This has been fixed in KDE 4.7.3 [1]. Thanks for the report.

[1] https://bugs.kde.org/show_bug.cgi?id=284870#c9.

*** This bug has been marked as a duplicate of bug 284870 ***