[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: kio_http NTLM auth problem and possible patch.
From: Szombathelyi "György" <gyurco () freemail ! hu>
Date: 2005-06-11 14:13:14
Message-ID: 200506111613.14264.gyurco () freemail ! hu
[Download RAW message or body]
Thanks for the dump, now it's clear that there's a bug in KNTLM somewhere, the
username and domain name offset should be 301 and 307 in the response you
sent, now I'm starting to review the code, but sadly I don't have any test
server at hand at now. So if you have some free time for debugging, please
consider doing it ;)
Thanks,
György
2005. június 10. 15.43 dátummal ezt írta:
> On Friday 10 June 2005 13:09, Szombathelyi György wrote:
> > Then please can you send it to me privataly? First change your password
> > to a non-sensitive one, and try an authentication with the correct
> > password. I cannot imagine why a server sends a TargetInfo structure,
> > since it's only required for NTLMv2.
>
> I redid them. I hope there's not to much network traffic, with ethereal i
> filtered http packets and they look ok. As you can notice firefox uses
> directly NTLMv1 but I think that it doesn't support v2.
>
> the strange thing that I just noticed now is that ethereal can decode NTLM
> packets but with the NTLMv2 generated by kntlm it cannot decode the
> Username and other entries:
>
> User name: ?????????
>
> Let me know if there's something more that I can do.
>
> Bye!
>
> > Simone Gotti wrote:
> > > On Thursday 09 June 2005 23:38, Szombathelyi Gy�rgy wrote:
> > >>Hi!
> > >>
> > >>Can you post the tcpdump output for the failed NTLMv2 conversation?
> > >
> > > maybe I can send it to you privately as there're my personal account
> > > that can be probably discovered analyzing them. I can also redo them
> > > sending the wrong password to it.
> > >
> > >>Maybe
> > >>there's a bug in the NTLMv2 code, which should be fixed, instead of
> > >>disabling the whole NTLMv2 authentication.
> > >
> > > My idea isn't to disable NTLMv2 but to do 2 tries, One with NTLMv2 and
> > > if it fails then try with NTLMv1. Or maybe the NTLMv2 string generation
> > > has a bug.
____________________________________________________________________
Miert fizetsz az internetert? Korlatlan, ingyenes internet hozzaferes a FreeStarttol.
Probald ki most! http://www.freestart.hu
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic