On Tue, 14 Feb 2006, LianHwang Ti wrote:

> I've used JCIFS's NtlmHttpFilter to implement a web filter to enable NT
> based authentication. The filter works with the MSIE client, but cannot work
> with
>
> curl --ntlm -u:userid:password http://localhost/...
>
> If I use curl to access a IE web server with NT authentication turned on it
> worked. So does using curl with proxy based authentication.

Wow. Then you're up for some fun debugging. Don't expect to find many given
answers anywhere. NTLM is like black magic. Expect to have to dig into (lack
of) very scary bit definitions.

NTLM should be avoided.

> On debugging the filter, it shows that the userid to be null:
>
> Authehtication: NTLM
> TlRMTVNTUAADAAAAGAAYAEUAAAAYABgAXQAAAAAAAABAAAAABQAFAEAAAAAAAAAARQAAAAAAAAB1AAAAAYIAAG1lZW5hT4okKCQght8hjakdJd2kG1fpobeVQMN0rcXrjEjtyS4DkempxRSSuh96RdFAJDx/

And what did curl's verbose output say about its request for the same
operation?

> curl 7.15.1 (i586-pc-mingw32msvc) libcurl/7.15.1 OpenSSL/0.9.7e zlib/1.2.2
> Protocols: tftp ftp gopher telnet dict ldap http file https ftps
> Features: Largefile NTLM SSL libz

One possible work-around to try would be to get the SSPI-enabled curl, as it
uses Windows internal functions for the NTLM and I figure that is more likely
to be "correct".

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html