[jcifs] Problem with NtlmHttpFilter and Apache2

Wouter van Reeven Wouter.van.Reeven at AMIS.nl
Wed Jun 14 18:09:22 GMT 2006 

Hi Michael,


Thanks for your answer. I'm not sure how the 2nd and 3rd messages can end up in a different HTTP session on RedHat while they do end up in the same HTTP session on Debian and also on Tomcat and Oracle OC4J server on Windows. Anyway, any help is much appreciated, so I will take a look into this as well. I'll modify the NtmlSsp code to also log the current HTTP Session id if that's available there. Otherwise I'll have the NtlmHttpFilter log the session id.

By the way, thanks for pointing out that it's a statefull 3 message handshake. I did notice that on Debian all three handshakes are done while on RedHat the handshake process stops after the second message. I'll post some more debugging code if you like on Monday.


Thanks, Wouter

-- 
AMIS Services BV
Edisonbaan 15
Postbus 24
3430 AA  NIEUWEGEIN

T +31 (30)6016000
F +31 (30)6016001



-----Original Message-----
From: Michael B Allen [mailto:mba2000 at ioplex.com]
Sent: Wed 14-Jun-06 19:13
To: Wouter van Reeven
Cc: yannick at smellyfrog.com; jcifs at lists.samba.org
Subject: Re: [jcifs] Problem with NtlmHttpFilter and Apache2
 
On Wed, 14 Jun 2006 18:15:23 +0200
"Wouter van Reeven" <Wouter.van.Reeven at AMIS.nl> wrote:

> Hi Yannick,
> 
> 
> Thanks for your reply. Actually, I don't use mod_jk. But I'll check to see if mod_jk is loaded and if so, I will unload it. To connect Apache2 to Tomcat I use mod_rewrite and mod_proxy. Perhaps there's a problem there too? Did you install mod_jk by hand compiled from sources from the Tomcat website?

Maybe. The NTLM HTTP Authentication protocol is a stateful 3 message
handshake. Look at the bottom of the NTLM HTTP Filter docs for details. In
particular the 2nd and 3rd messages need to share the same HTTP session
to store the transaction state. It's a delicate thing that is the source
of 90% of problems reported on this list.

Mike

-- 
Michael B Allen
PHP Extension for SSO w/ Windows Group Authorization
http://www.ioplex.com/



-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list