NTLM v2 support?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

NTLM v2 support?

Otis Gospodnetic-2-2
Hi,

Does the latest Nutch release support NTLM v2?  I know NTLM is supported (
http://wiki.apache.org/nutch/HttpAuthenticationSchemes ), but I can't find any
explicit references to NTLM version supported.

Thanks,
Otis
----
Sematext :: http://sematext.com/ :: Solr - Lucene - Nutch
Lucene ecosystem search :: http://search-lucene.com/

Reply | Threaded
Open this post in threaded view
|

Re: NTLM v2 support?

Otis Gospodnetic-2-2
Hi,

Actually, there is some reference that maaaaaay be a reference to the NTLM
version:

     byte[] type2msg = {
          'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, // NTLMSSP Signature
          2, 0, 0, 0,                           // Type 2 Indicator

But this is in some ntlm.jsp file that's used for unit testing.
And I'm not sure if "Type 2" means "Version 2".

Would anyone happen to know?


Furthermore, while http://wiki.apache.org/nutch/HttpAuthenticationSchemes 
mentions NTLM, this is the only NTLM stuff grep finds:

$ ffjg NTLM
./src/plugin/protocol-httpclient/src/test/org/apache/nutch/protocol/httpclient/TestProtocolHttpClient.java:  
  * Tests NTLM authentication scheme.
./src/plugin/protocol-httpclient/src/java/org/apache/nutch/protocol/httpclient/Http.java:
 * Digest and NTLM authentication schemes for web server as well as proxy
./src/plugin/protocol-httpclient/src/java/org/apache/nutch/protocol/httpclient/HttpAuthenticationFactory.java:  
             if (challengeString.equals("NTLM")) {

And in HttpAuthenticationFactory the only code "around" NTLM mention here is:
if (challengeString.equals("NTLM")) {
  challengeString="Basic realm=techweb";
}

It looks a little suspicious to have so little code that handles NTLM....

Thanks,
Otis





----- Original Message ----

> From: Otis Gospodnetic <[hidden email]>
> To: [hidden email]
> Sent: Sat, April 2, 2011 5:26:27 PM
> Subject: NTLM v2 support?
>
> Hi,
>
> Does the latest Nutch release support NTLM v2?  I know NTLM is  supported (
> http://wiki.apache.org/nutch/HttpAuthenticationSchemes ), but  I can't find any
>
> explicit references to NTLM version  supported.
>
> Thanks,
> Otis
> ----
> Sematext :: http://sematext.com/ :: Solr -  Lucene - Nutch
> Lucene ecosystem search :: http://search-lucene.com/
>
>
Reply | Threaded
Open this post in threaded view
|

Re: NTLM v2 support?

Susam Pal
On Fri, Apr 8, 2011 at 11:23 PM, Otis Gospodnetic
<[hidden email]> wrote:

> Hi,
>
> Actually, there is some reference that maaaaaay be a reference to the NTLM
> version:
>
>     byte[] type2msg = {
>          'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, // NTLMSSP Signature
>          2, 0, 0, 0,                           // Type 2 Indicator
>
> But this is in some ntlm.jsp file that's used for unit testing.
> And I'm not sure if "Type 2" means "Version 2".
>
> Would anyone happen to know?

This is the NTLM type 2 response sent by the server to the client in
order to complete the negotiation and provide the NTLM challenge to
the client. Note that the above code snippet has been extracted from a
test, a JSP pretending to be protected by NTLM authentication. So,
during the test when the client tries to access this JSP (served with
jetty), this JSP responds with a fake NTLM type 2 response.

>
>
> Furthermore, while http://wiki.apache.org/nutch/HttpAuthenticationSchemes
> mentions NTLM, this is the only NTLM stuff grep finds:
>
> $ ffjg NTLM
> ./src/plugin/protocol-httpclient/src/test/org/apache/nutch/protocol/httpclient/TestProtocolHttpClient.java:
>  * Tests NTLM authentication scheme.
> ./src/plugin/protocol-httpclient/src/java/org/apache/nutch/protocol/httpclient/Http.java:
>  * Digest and NTLM authentication schemes for web server as well as proxy
> ./src/plugin/protocol-httpclient/src/java/org/apache/nutch/protocol/httpclient/HttpAuthenticationFactory.java:
>             if (challengeString.equals("NTLM")) {
>
> And in HttpAuthenticationFactory the only code "around" NTLM mention here is:
> if (challengeString.equals("NTLM")) {
>  challengeString="Basic realm=techweb";
> }
>
> It looks a little suspicious to have so little code that handles NTLM....

And that's why this code never worked. Hence
https://issues.apache.org/jira/browse/NUTCH-559 which uses
commons-httpclient-3.1.jar to do the authentication.
Reply | Threaded
Open this post in threaded view
|

Re: NTLM v2 support?

Susam Pal
In reply to this post by Otis Gospodnetic-2-2
On Sun, Apr 3, 2011 at 2:56 AM, Otis Gospodnetic <[hidden email]> wrote:

> Hi,
>
> Does the latest Nutch release support NTLM v2?  I know NTLM is supported (
> http://wiki.apache.org/nutch/HttpAuthenticationSchemes ), but I can't find any
> explicit references to NTLM version supported.
>
> Thanks,
> Otis
> ----
> Sematext :: http://sematext.com/ :: Solr - Lucene - Nutch
> Lucene ecosystem search :: http://search-lucene.com/
>
>

I don't know whether commons-httpclient-3.1.jar supported NTLM v2.
This is the JAR the authentication code depends on.

I have copied this email to httpclient-users in case anyone from
httpclient-users can tell us whether NTLM v2 was supported in
HttpClient 3.1.

Susam Pal
Reply | Threaded
Open this post in threaded view
|

Re: NTLM v2 support?

Oleg Kalnichevski
On Thu, 2011-04-21 at 04:24 +0530, Susam Pal wrote:

...

> I don't know whether commons-httpclient-3.1.jar supported NTLM v2.
> This is the JAR the authentication code depends on.
>
> I have copied this email to httpclient-users in case anyone from
> httpclient-users can tell us whether NTLM v2 was supported in
> HttpClient 3.1.
>
> Susam Pal
>

HttpClient 3.1 supports NTLMv1 only. Please consider upgrading to
HttpClient 4.1 if you need NTLMv2 or SPNEGO/Kerberos support.

Oleg