[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Bug report: NTLM proxy authentication credentials

From: Yann <yann_eads_at_yahoo.fr>
Date: Mon, 25 Feb 2008 18:54:43 +0100 (CET)

   
   
> -----Message d'origine-----
> De : Stefan Küng [mailto:tortoisesvn_at_gmail.com]
> Envoyé : jeudi 21 février 2008 17:35
> Ŕ : users_at_tortoisesvn.tigris.org
> Cc : yann_eads_at_yahoo.fr
> Objet : Re: Bug report: NTLM proxy authentication credentials
>
> Yann wrote:
> > Hello,
> >
> > I try to contact an SVN server behind my corporate proxy which needs an
> > NTLM authentication. The proxy is properly configured in Settings with
> > IP address, port, username (using the domain\username format) and
> > password. Using these credentials work from a web browser but Checkout
> > from TSVN doesn't. The error message is the following:
> > PROPFIND request failed on '/'
> > PROPFIND of '/': Could not create SSL connection through proxy server:
> > Could not authenticate to proxy server: could not parse challenge
> >
> > Using a network capture, I could find what the problem is:
> > TSVN correctly replies to NTLM queries and challenges from the proxy but
> > doesn't provide the appropriate credentials. It seems that the username
> > and password provided in the Settings are ignored and the Windows
> > session login credentials are used instead. Actually I am sure that the
> > domain name is not the right one, I am not sure for the user name since
> > it's the same for both the Windows login and the web proxy in my case.
>
> Isn't NTLM *supposed* to use the windows login credentials? Otherwise it
> would be pretty much useless.
> Maybe what you want is basic authentication. You have to configure your
> proxy accordingly.
>
  I'm talking about my corporate proxy, and then I cannot re-configure it. My case is that we use different login/passwords in my company and that each login is associated to a different Windows domain. And the Windows login domain is not the same as the Internet connection domain.
  Moreover, Tortoise SVN configuration interface allows specifying a username/password for the proxy. What is entered here is just ignored in my case (at least the leading "<domain_name>\" in the username).
  As the feature is already included, I conclude it's not useless and it's a bug.
   
> > From the wireshark capture:
> > - 1st CONNECT request
> > Calling workstation domain: my_windowslogin_domain (ok, guess it's
> normal)
> > Calling workstation name: my_machine
> > - Proxy reply
> > HTTP 407 Proxy Authentication Required
> > Domain: my_proxy_domain (which is different than my_windowslogin_domain)
> > - 2nd CONNECT request
> > Domain name: my_windowslogin_domain (should be my_proxy_domain)
> > User name: my_login_username (should be my_proxy_username)
> > - Proxy reply
> > HTTP 403 Forbidden
> >
> > Reading the capture, it becomes obvious that the credentials specified
> > in the Settings of TSVN are not used and the authentication then fails
> > (the windows session domain is different than the web proxy domain in my
> > case).
> >
> > I'm using version 1.4.8 released on 2007.02.16.
>
> You have to ask this question on the Subversion mailing list, because
> proxy authentication is done by the Subversion library, not TSVN.
>
  Ok, thank you for notifying me of that difference. I will send a message to this list.
   
> Stefan
  Yann
   
>
>
> --
> ___
> oo // \\ "De Chelonian Mobile"
> (_,\/ \_/ \ TortoiseSVN
> \ \_/_\_/> The coolest Interface to (Sub)Version Control
> /_/ \_\ http://tortoisesvn.net
   
  
       
---------------------------------
 Yahoo! Mail : un mail innovant avec Messenger compatible Windows Live + stockage illimité.
Received on 2008-02-25 18:55:48 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.