Wednesday, March 07, 2012
Tuesday, February 28, 2012
The company I work for had been having issues getting NTLM authentication to work between a Windows 7 client PC, domain servers, and CXF web services. In the end I got it working through HTTP Negotiate Auth and a registry setting. Below is the paragraph I sent as an explanation:
With Windows 7 and changing the lmcompatibility level to 4 on the client (Clients use NTLMv2 for auth and NTLMv2 session security if server accepts, Domain controller refuses LM auth responses but accepts NTLM and NTLMv2 -- http://technet.microsoft.com/en-us/library/cc960646.aspx), the client and server were no longer accepting LM authentication. Kerberos is preferred to NTLM, and since, when LM was disabled, the servers responded with HTTP 401 errors indicating that the only allowable mechanisms were NTLM and Negotiate (NTLM or Kerberos -- http://docs.oracle.com/javase/6/docs/technotes/guides/net/http-auth.html), it was decided to use Negotiate with Kerberos, since that is what the below Linux code was already doing. On Windows this required an extra registry setting, "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\AllowTgtSessionKey", a REG_DWORD set to 1 -- http://support.microsoft.com/kb/837361, along with the regular Kerberos config files (krb5.conf and login.conf).
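A read-only PowerShell check for the two registry settings described above, added here as an example and not part of the original post. The `LmCompatibilityLevel` value name and its location under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa` are not given in the post, and the function name `Get-AuthRegistryState` is hypothetical.

```powershell
# Added example: reports the current state of the two settings; it changes nothing.
# Expected values are the ones the post describes (level 4, AllowTgtSessionKey = 1).
$checks = @(
    @{ Name = 'LmCompatibilityLevel'   # 4 = NTLMv2 only on the client, DC refuses LM
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Want = 4 },
    @{ Name = 'AllowTgtSessionKey'     # 1 = the TGT session key in the LSA ticket
                                       # cache is readable by user-mode clients (Java)
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
       Want = 1 }
)

function Get-AuthRegistryState {
    param([array]$Checks)

    foreach ($c in $Checks) {
        # A missing key or value is a normal case: the OS default then applies.
        $actual = $null
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $actual = $item.($c.Name) }

        $shown = '<not set>'
        if ($null -ne $actual) { $shown = $actual }

        # New-Object keeps this usable on the PowerShell 2.0 that ships with Windows 7.
        New-Object PSObject -Property @{
            Value    = $c.Name
            Expected = $c.Want
            Actual   = $shown
            Matches  = ($actual -eq $c.Want)
        }
    }
}

Get-AuthRegistryState -Checks $checks |
    Select-Object Value, Expected, Actual, Matches |
    Format-Table -AutoSize
```

A `Matches` of `False` on `AllowTgtSessionKey` means a Java client using the native ticket cache cannot use the logged-on user's TGT, which is the situation the registry change in the post addresses.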
Saturday, July 09, 2011
It's been a little while since I've posted. Lots of things change, still loving life and doing it in Illinois. This year has been flying by, and I'm about to turn 31. I have a wonderful family and 4 beautiful nieces (about to have another niece/nephew, holidays are getting crowded :)).
Just bought a 2005 Honda Repsol CBR 1000RR. It's a lot of fun. I think mostly I put what I'd put here on Facebook posts now. Do people still blog?