[Cyberduck-trac] [Cyberduck] #2835: NTLM authentication should be supported
Cyberduck
trac at trac.cyberduck.ch
Wed Dec 31 16:59:13 CET 2008
#2835: NTLM authentication should be supported
-------------------------+--------------------------------------------------
Reporter: georgmaass | Owner: dkocher
Type: enhancement | Status: new
Priority: normal | Milestone: 3.1
Component: webdav | Version: 3.0.3
Severity: normal | Keywords: Authentication, NTLM
-------------------------+--------------------------------------------------
Comment(by anonymous):
Now I get a 404 response after some 401 respones, which is what I expect,
because the domain is an invalid path.
HTTP/1.1 404 [\r][\n]
Server: Microsoft-IIS/6.0[\r][\n]
X-Powered-By: ASP.NET[\r][\n]
MicrosoftSharePointTeamServices: 12.0.0.6219[\r][\n]
Date: Wed, 31 Dec 2008 15:39:22 GMT[\r][\n]
Connection: close[\r][\n]
[\r][\n]
Why must we specify the domain? Isn't it sent in the NTLM challenge? If I
use SeaMonkey composer with WebDAV to publish I never specify a domain
even if asked in a three text field dialog asking for domain, username and
password even there I leave the domain empty. Probably SeaMonkey then
takes it from the NTLM challange.
The server response contains the domain within the base64 encoded data.
From there you can take it. It is not necessary to abuse the path for this
purpose. After decoding the base64 encoded response you find the domain
beginning somewhere about byte 20.
--
Ticket URL: <http://trac.cyberduck.ch/ticket/2835#comment:4>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV and Amazon S3 Browser for Mac OS X.
More information about the Cyberduck-trac
mailing list