cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: State of NTLM test cases on Windows

From: Marc Hoersken <info_at_marc-hoersken.de>
Date: Sun, 7 Apr 2013 12:30:02 +0200

2013/4/7 Marc Hoersken <info_at_marc-hoersken.de>:
> Another issue is that the NTLM type 1 mesage flags are set differently.

Example follow up regarding the different flags: Windows supports
128-bit encryption while using NTLM authentication, but the test cases
respond with the 128-bit encryption flag not being set. The NTLM
Security Support Provider enforces the configuration that is set using
the group policy. There is no way to change this inside the curl code.
Right now this makes the last NTLM step fail with a
SEC_E_UNSUPPORTED_FUNCTION inside the NTLM code and CURLE_RECV_ERROR
inside the authentication code.
See the following blog post for more information:
http://blogs.technet.com/b/edgeaccessblog/archive/2012/04/24/sso-single-sign-on-not-working-for-a-published-web-application-with-uag.aspx

We would have to adapt all NTLM test cases support specify that flag
and test if it breaks on older systems without 128-bit encryption
support or other platforms.

Best regards,
Marc
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-04-07