Hello everyone,

I would like to note that the majority of NTLM test case failures on
Windows are caused by the fact that the Negotiate Security Support
Provider creates NTLM tokens that are a little different than these
created by the GSSAPI.

The main reason is that Windows appends an 8 byte OS version structure
to the NTLM token.
Another issue is that the NTLM type 1 mesage flags are set differently.

My first reaction was to think about how we could make the Negotiate
API create NTLM tokens that are exactly the same as the GSSAPI tokens,
but after thinking about that for some time, I came to the conclusion
that we probably want to have those Windows specific bytes in the
tokens. I am not sure about the state of OS-specific NTLM
authentication in libcurl, but I would guess it is desired to have
access to the full functionality provided by the OS.

So there is a different question, somewhat similar to the line ending
issue: How do we handle those differences in the test cases? Since the
NTLM token contains the Windows OS version, we cannot even hard code
that one into the test cases.

The issue about different flags could be solved by duplicating the
test cases and switching between them depending on the OS, but that
would obviously result in code / test duplication.

I would like to hear your opinion on this one, thanks in advance!

Best regards,
Marc
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-04-07