| Summary: | NTLM (NT Lan Manager) authentication | ||
|---|---|---|---|
| Product: | [Unmaintained] kio | Reporter: | Simon Andersen <simon_damkjaer> |
| Component: | general | Assignee: | Unassigned bugs mailing-list <unassigned-bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | wishlist | CC: | jason, klingens, kollix, mario.amato, n.v.d.maas, paulw, peter.parzer |
| Priority: | NOR | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Mandrake RPMs | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed In: | ||
| Sentry Crash Report: | |||
|
Description
Simon Andersen
2003-05-11 23:17:54 UTC
For future reference: page on NTLM: http://www.innovation.ch/java/ntlm.html And just so that it is noted: the page starts with "This is an attempt at documenting the undocumented NTLM authentication scheme (...)". As such, we can already make no promises. And Microsoft can simply flip a switch and break all compatibility. *** Bug 64859 has been marked as a duplicate of this bug. *** *** Bug 55915 has been marked as a duplicate of this bug. *** *** Bug 37373 has been marked as a duplicate of this bug. *** *** Bug 35592 has been marked as a duplicate of this bug. *** Since there is more than one ioslave that would benefit from this, NTLM should be implemented in KIO general (if ever). So I'm reassigning. If someone wants to take shots at implementing this, feel free to do so and attach patches to this bug report. gsasl supports NTLM. Squid 2.5 supports it too. They implemented it with the help of the Samba team. If someone implements this, I can test both squid access and web server access through NTLM at work. (Although NTLM web server access through an NTLM proxy is impossible with Squid. Does MS' own proxy support that?) Martijn See PAN from gnome - this is what I found on http://pan.rebelbase.com/ "Added support for Microsoft Secure Password Authentication ("SPA") so that Pan will work with Microsoft NNTP servers. Thanks to the Samba team for writing the SPA authentication code and to Marc Prud'hommeaux for plugging it into Pan! " Although with MS-Exchange 5 this did not work with the version I tried (pan-0.12.93), but even with a recent version it did not work. I sent them a patch for 0.12.93. SPA is not supported in either MS IE for proxy auth or web server auth. Even MS IIS 6 (Windows 2003) only supports NTLM next to basic and digest auth.The new authentication approach MS is taking is .NET passport auth, which is new in Win2k3, but AFAIK that's not SPA. Martijn *** Bug 70000 has been marked as a duplicate of this bug. *** Bug #70000 contains more links and information. Just a quick note to say the NTLMSSP is in Cyrus-SASL, and that I have recently submitted a patch to make it use ntlm_auth (and therefore Samba's NTLMSSP code). Likewise, KDE could also use ntlm_auth in client-mode directly. (you need current CVS, or 3.0.2 when it is released). I'm happy to help in any way I can. Andrew Bartlett abartlet@samba.org *** Bug 78875 has been marked as a duplicate of this bug. *** Note that bug 78875, marked as a duplicate,w as a request for NTLM authentication for the IMAP IO slave. Just making a note so it does not get forgotten in cause the auth. is added to the HTTP IO slave and someone wants to close this. My company switched to MS Outlook Web Access. Trying to connect by konqueror did not work (authentification failed). I traced down the problem to NTLM. And for whatever reason, the APS NTLM proxy server does not run on my box. So the last solution was to download firefox - and it is working. I encourage you to implement NTLM in KDE (I am using 3.2.1), because it is really a pitty that I have to use firefox now... Regards, Udo I am personally working on implementing NTLM for the IMAP I/O slave. Expect a patch soon. NTLM is often used for single-sign-on ind Windows environments, since ISS can be configured to let people in based on the credentials supplied to the windows client upon logon. Mozilla and Firefox has for the past few releases had NTLM support for webservers. Like apache can be configured to accept NTLM logon and validation of passwords to a Windows server with things like mod_ntlm or Apache::AuthenNTLM. If this could be integrated into "kdm" so the linux-login credentials could be used for further NTLM authentication, Linux/KDE would almost integrate into a windows environment as smothly as Windows itself. NTLM authentication for HTTP(S) has been added to CVS HEAD today, thanks to Karsten Künne. If enough people give it some testing this week and report their findings on kfm-devel@kde.org there is even a chance it can get backported for KDE 3.3.1 *** Bug has been marked as fixed ***. |