Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

NTLM over GSSAPI/SPENGO authentication

  • 3 replies
  • 1 has this problem
  • 320 views
  • Last reply by lavpod

more options

I am testing NTLM over GSSAPI/SPENGO functionality that our proxy supports.

On mac (OSX 10.8.2), I have got FF (15.0) browser. I have added the proxy to the browser, updated network.negotiate-auth.trusted-uri, network.negotiate-auth.delegation-uris and network.automatic-ntlm-auth.trusted-uri tp point to the forward proxy I am using.

When I browse a website, here is what happens -

(proxy to FF) Proxy-Authenticate: Negotiate

(FF to proxy) Proxy-Authorization: Negotiate YEgGBisGAQUFAqA+MDygDjAMBgorBgEEAYI3AgIKoioEKE5UTE1TU1AAAQAAAAUCiGIAAAAAGAAAAAAAAAAYAAAABgGwHQ8AAAA=

(proxy to FF) Proxy-Authenticate: Negotiate oYHyMIHvoAMKAQGhDAYKKwYBBAGCNwICCqKB2QSB1k5UTE1TU1AAAgAAAAoACgAwAAAABQKJYvNEPJKZ57ZWAAAAAAAAAACcAJwAOgAAAFcAMgAwADAAOAACAAoAVwAyADAAMAA4AAEAFgBWAE0AMQAwAEIAUwBEADAAMgA3ADMABAAoAGQAZQB2AC4AcwBiAHIALgBpAHIAbwBuAHAAbwByAHQALgBjAG8AbQADAEAAdgBtADEAMABiAHMAZAAwADIANwAzAC4AZABlAHYALgBzAGIAcgAuAGkAcgBvAG4AcABvAHIAdAAuAGMAbwBtAAAAAAA=


Then FF does not respond back, instead shows "This Page Cannot Be Displayed" When I did packetcapture, it shows that FF tries to do NTLMSSP over SPENGO and sends "negTokenInit" with NTLMSSP_NEGOTIATE. When Proxy sends "negTokenTarg" with NTLMSSP_CHALLENGE, the browser does not respond back.

Please let me know if you need any more information.

All Replies (3)

more options

Try updating to Firefox 18.0.2 first, the proxy support has been improved in that version.

more options

I tried 18.0.2, I see same issue. FF does not respond to NTLM_CHALLENGE over GSSAPI.

more options

Looks like I have the issue as explained in section - "Negotiate external libraries" at http://dev.chromium.org/developers/design-documents/http-authentication