Questions tagged [ntlm]

NTLM (NT LAN Manager) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users.

NTLM has been deprecated for many uses as it doesn't support the latest standards:

Implementers should be aware that NTLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms (RFC1321) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in RFC1320 and FIPS46-2. Therefore, applications are generally advised not to use NTLM (MSDN) and to use Kerberos instead.

Despite this, NTLM is still used inside enterprise networks where Microsoft Active Directory provides the enterprise directory service for Integrated Windows Authentication and Kerberos is not available.

NTLM over HTTP handshake is fairly simple:

Request  - [unauthenticated - no user info passed]

Response - 401 Unauthorized
           WWW-Authenticate: NTLM


Request  - Authorization: NTLM <base64-encoded type-1-message>

Response - 401 Unauthorized
           WWW-Authenticate: NTLM <base64-encoded type-2-message>


Request  - Authorization: NTLM <base64-encoded type-3-message>

           Server can now check username/password against LDAP from type-3 message
Response - 200 Ok [now authenticated & authorised]
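
The header values in the exchange above can be told apart by decoding the base64 blob: every NTLM message starts with the 8-byte signature "NTLMSSP\0" followed by a little-endian 32-bit message type, and the type-2 message carries the 8-byte server challenge at offset 24. The following is an added example, not part of the original tag wiki; the function names and the sample messages (built with zeroed fields) are constructed for illustration.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
MESSAGE_NAMES = {1: "type-1 (negotiate)", 2: "type-2 (challenge)",
                 3: "type-3 (authenticate)"}

def parse_ntlm_header(value):
    """Classify an Authorization / WWW-Authenticate header value.

    Returns a dict with 'type' (0 for the bare "NTLM" offer in the first 401)
    and, for a type-2 message, the 'server_challenge' as a hex string.
    """
    scheme, _, blob = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    blob = blob.strip()
    if not blob:
        return {"type": 0, "name": "bare NTLM offer"}
    raw = base64.b64decode(blob, validate=True)
    if len(raw) < 12 or raw[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    if msg_type not in MESSAGE_NAMES:
        raise ValueError("unknown NTLM message type %d" % msg_type)
    info = {"type": msg_type, "name": MESSAGE_NAMES[msg_type]}
    if msg_type == 2:
        # Layout: signature(8) type(4) target-name fields(8) flags(4) challenge(8)
        if len(raw) < 32:
            raise ValueError("truncated type-2 message")
        info["server_challenge"] = raw[24:32].hex()
    return info

def handshake_types(header_values):
    """Message type of each header value, in the order it was seen."""
    return [parse_ntlm_header(v)["type"] for v in header_values]

def _sample(msg_type, body):
    # Constructed message: real signature and type, zero-filled remaining fields.
    raw = NTLMSSP_SIGNATURE + struct.pack("<I", msg_type) + body
    return "NTLM " + base64.b64encode(raw).decode("ascii")

# Constructed header values mirroring the four NTLM-bearing steps above.
SAMPLE_EXCHANGE = [
    "NTLM",
    _sample(1, bytes(20)),
    _sample(2, bytes(12) + bytes.fromhex("0123456789abcdef") + bytes(8)),
    _sample(3, bytes(52)),
]
```
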
1230 questions
0
votes
1 answer

Does Server decide what Authentication Method is to be followed?

For a Web Application, does the Server decide what authentication method is to be followed, or is it the Client? Are Authentication methods like NTLM and Kerberos Browser specific? In an intranet web application, where do BASIC and Digest stand as…
user1737755
0
votes
0 answers

NTLM hash - change password and return the hash back

I'm working on a new project that would greatly help those who have little brothers. I thought about this idea: Get the NTLM hash of the user, write the hash into a text file. Change the password of the user (cmd.exe /c net user %username%…
Nmmsda
0
votes
2 answers

Has anyone been able to get SharePoint using NTLM working with SQUID as a reverse proxy?

We have a SQUID reverse proxy and a MOSS 2007 portal. All sites are using NTLM. We cannot get it working with SQUID as a reverse proxy. Any ideas where to start?
SharePoint Newbie
0
votes
1 answer

Authentication mechanisms for an application

What are the best practices if I want my application to authenticate itself to other services? Let's say I want my application (the programming language doesn't matter) to access a file share or a repository but I don't want to ask the user for…
i--
0
votes
1 answer

curl authentication header handling

I have a server which supports NTLM and basic authentication schemes and I am using curl to connect to this server using https. For certain reasons, I want curl to use basic authentication scheme when both NTLM and basic are supported, if not use…
Paras
0
votes
1 answer

JGSS and NTLMSSP/NegoEx

I'm working on a web application running on JRE 7u7 that uses the SPNEGO library from Sourceforge for authentication. All is well as long as Kerberos is working, but since it's deployed in a complex environment of multiple domains and various…
themel
0
votes
1 answer

Delegation in WCF not working - First hop is NTLM?

I'm working on a project which requires delegation in a double-hop scenario. We have a desktop client, connecting to a WCF service using a net.tcp binding, connecting to a SQL database on another server. Our goal is to use the user's credentials to…
0
votes
1 answer

Access link which is behind Active Directory Federation Services using HttpWebRequest

I have a website which uses Active Directory Federation Services to authenticate the user. I want to access a URL for the site using HttpWebRequest class in code. But when I try that, I get a 401 error. After some research I found that it uses NTLM…
Amit
0
votes
2 answers

Asp.Net MVC 3: intranet application with user in a special AD group?

I saw I can create an intranet authentication which uses NTLM auth. It's almost what I need. In addition I'm required to check that the user is in a specified group in the AD. Is there a simple way to do this? It's for a very small web…
J4N
0
votes
1 answer

SSO error for some users in alfresco

We have two nodes in a clustered environment (Alfresco and tomcat) with passthru authentication along with ldap and NTLM configured. Protocol order is TCPIP, NETBIOS. It works fine most of the time, but sometimes and for some users authentication…
0
votes
1 answer

Can't integrate NTLM and JAVA

I can't integrate NTLM auth in my web app. I use this library for connecting to Samba-server. I don't understand what some of the parameters mean: ntlm-account