Use credentials of current user
Brought to you by:
mavey
We would like to deploy this in a corporate environment to allow our legacy applications to communicate with SharePoint. It would be preferred to use the credentials of the currently logged in user rather than having to generate a hash and edit the cfg file. Perhaps a windows specific add-on that could use CredentialCache.DefaultCredentials http://msdn.microsoft.com/en-us/library/system.net.credentialcache.defaultcredentials.aspx
Get me a piece of C code that can extract these cached credentials and I'll do it. I haven't been able to find out how to get at them.
I can use a Windows DLL with a C interface if need be.
@mavey, take a look at the jTDS project. It's a JDBC driver for SQL Server, which comes with a "ntlmauth.dll" file, which seems like it does what you want. I'm able to connect to SQL Server (using NTLM authorization) without explicitly setting any credentials.
http://jtds.sourceforge.net/
View and moderate all "feature-requests Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Feature Requests"
Does the c code here help http://mxr.mozilla.org/mozilla-central/source/extensions/auth/
https://developer.mozilla.org/en/Integrated_Authentication
View and moderate all "feature-requests Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Feature Requests"
Heavily requested for Google Chrome which may have additional links as well here
http://code.google.com/p/chromium/issues/detail?id=19
That jTDS native lib was perfect. There's all I need.
You just have to wait a bit, because I'm too busy at work to code OSS. I'm in Germany for a month now as if I hadn't too much work at home already. :)
We are very interrested by this features.
Please update your status about this feature
Thank you
This feature would skyrocket cntlm. I currently don't use cntlm because its too easy to lock your account when you change password. Reload pages a couple of times, and you have exceeded your fail attempts limit. Is there any way we can help? Does the Mozilla code help?
I said I'd get the feature in, but unfortunately I'm too busy now to work on Cntlm.
To prevent blocking users' accounts when they specify wrong credentials, I'll also add a failed auth counter, that will block more than 2 fails (and will expire after some seconds or restart).
At the moment I don't even have access to Windows with domain logon to work with. I'm afraid you'll all have to wait, despite my own desire to push out the new beta.
If you can find the time to code this - please do. I must log in with a smartcard & PIN code at work, and thus don't even *know* my password.
I can't use Eclipse's update feature because it still hasn't got proper NTLM support and had hoped cntlm would fit in nicely to fill the gap...
Thanks in advance!
That's bad - I don't think cntlm or any other NTLM proxy will work for you in this setup. Looks like you use some 3rd party high-security addon, which isn't based on NTLM at all. It's possible the solution emulates some kind of one-time NTLM equivalency hashes per session to remain compatible with Windows network sharing / ISA proxy, but I would bet on it.
I'll get to is as soon as possible.
I really hope that for this new year this functionnality will be implemented in CNTLM...
Thanks for your work...
any news on this? I'm also in a smartcard/PIN environment and without cntlm the network feels like a straightjacket :)
oh, almost forgot.. This should help : http://en.wikipedia.org/wiki/Integrated_Windows_Authentication
This is what firefox also uses to auth to intranet websites (domains configurable through one of the ntlm about:config settings) and proxy
Well, this is called SSPI - Microsoft variant of the GSSAPI. I've done a basic support of that (got the same problem, overcome it by writing my code) - you can check my github: https://github.com/Evengard/cntlm
For now it supports only NTLMSSP (it is enough for me, I am behind a Forefront TMG proxy also in a Smartcard+PIN environement, and it is working with NTLMSSP), but maybe later I will add more possibilities.
Code is mostly based on cURL implementation of SSPI.
Last edit: Evengard 2013-06-05
Thank you very much. It's very useful for me.
Looks like cntlm project is abandoned.
Where can I get binaries for your fork, Evengard?
Actually I never released binaries, but well you can try this one:
https://app.box.com/s/4mdowgyhnsfqdda9ut3tn2q76wwcxh49
It was compiled with cygwin (dlls included), just change in the "cntlm.ini.sample" your proxy server (no need to change the user, password and domain) and check that the "SSPI NTLM" isn't commented out, then rename the file to cntlm.ini and use it.
Tested on WinXP and Win7, works fine for me.
Last edit: Evengard 2015-02-04
Hello mate! This is exactly what I am looking for at the moment, as I need to make an easier deploy for my users, but I cannot manage to compile your source and your box link seems to be over bandwidth, would really appreciate a mirror link.
V
@Evengard - Frikkin Awesome! Thanks a lot, that's solved a whole world of pain for us.
Is there any chance somebody can update this to include NTLMv2 as well?