A strange problem with NTLM authentication, solved
Date: Mon, 3 Apr 2006 14:51:20 +0200
Well, I had to look after "some" other problems but I finally had the
time to make some tries at solving the strange problem I mentioned in
and fixed it, taking inspiration from Firefox NTLM implementation.
As it turned out I didn't need to implement the NTLM2 key signing,
but that it was sufficient to add the NTLM hash function in addition
to the LM one and making some other adjustments in the order the
different parts of the data block are sent in the Type 2 reply (I'm
sorry for all this NTLM jargon but it would be really long to explain
I'm attaching a patch against curl 7.15.1; I tested it on linux/x86,
windows and osx/ppc connecting to the following servers:
- IIS 5 on an isolated server (i.e. a server handling its own auth)
- IIS 5 using an external domain server with a complex setup (tens of
domains, some tens of thousands users, afaik)
The second was the one which originally had problems.
I think I didn't broke anything that previously worked, so please
include this in curl.
- application/octet-stream attachment: ntlm.diff