cURL / Mailing Lists / curl-library / Single Mail


Re: External NTLM authentication

From: Michael Kaufmann <>
Date: Wed, 15 Jun 2016 14:38:29 +0200

> Do you want to authenticate against the reverse proxy or some server beyond
> that? The latter case will never work with NTLM afaik unless the
> reverse proxy
> is transparent.

I am building the reverse proxy :-) It's like this:

Client <--> Reverse Proxy (uses libcurl) <--> Server

The client wants to authenticate against the server. Both know how to
do NTLM authentication. The reverse proxy's job (in this example) is
to just forward the requests and responses.

> To my knowledge NTLM does not care if the connection is closed
> between the 2nd
> and 3rd authentication stage and libcurl should properly handle
> that. The answer
> to the CHALLENGE packet is just sent in a different connection and
> *that* one is
> the one getting authenticated and is later used for the data transfer.

No, the NTLM type 2 message and the type 3 message must use the same
TCP connection. See the section "Keeping the connection alive" at


List admin:
Received on 2016-06-15