cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: External NTLM authentication

From: Michael Kaufmann <mail_at_michael-kaufmann.ch>
Date: Wed, 15 Jun 2016 14:38:29 +0200

> Do you want to authenticate against the reverse proxy or some server beyond
> that? The latter case will never work with NTLM afaik unless the
> reverse proxy
> is transparent.

I am building the reverse proxy :-) It's like this:

Client <--> Reverse Proxy (uses libcurl) <--> Server

The client wants to authenticate against the server. Both know how to
do NTLM authentication. The reverse proxy's job (in this example) is
to just forward the requests and responses.

> To my knowledge NTLM does not care if the connection is closed
> between the 2nd
> and 3rd authentication stage and libcurl should properly handle
> that. The answer
> to the CHALLENGE packet is just sent in a different connection and
> *that* one is
> the one getting authenticated and is later used for the data transfer.

No, the NTLM type 2 message and the type 3 message must use the same
TCP connection. See the section "Keeping the connection alive" at
https://www.innovation.ch/personal/ronald/ntlm.html

Regards,
Michael

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-06-15

This message: [ Message body ]
Next message: Daniel Bugl: "Survey: Relevance of Configuration Systems in Free and Open Source Software"
Previous message: Daniel Stenberg: "Re: libcurl crahes when an SFTP server's home directory is non-exist"
In reply to: Michael König: "Re: External NTLM authentication"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]