[Webkit-unassigned] [Bug 122952] [GTK][WPE] Add NTLM authentication enabled API
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Sep 5 06:20:34 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=122952
Michael Catanzaro <mcatanzaro at gnome.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |---
--- Comment #19 from Michael Catanzaro <mcatanzaro at gnome.org> ---
(In reply to Brian Holt from comment #0)
> From Dan Winship:
> There are some arguments against enabling it by default; if you have the
> client-side samba stuff installed, and are logged into a Windows domain,
> then NTLM authentication can happen completely transparently (ie, no
> "authenticate" signal, no password dialog) using the cached credentials, and
> there are attacks against intranets that you could make using that
> functionality if you could hijack someone's http connection... so it's best
> to only have it get used when the app is explicitly expecting it to be used
> (as in evolution).
>
> Instead we should expose an API in WebKit like
>
> WEBKIT_API void
> webkit_web_context_set_ntlm_authentication_enabled(WebKitWebContext *context,
> gboolean
> enabled);
>
> that sends a message to the WebProcess (or NetworkProcess), which in turn
> will add the feature to the soup session using
>
> soup_session_add_feature_by_type (session, SOUP_TYPE_NTLM_AUTH);
Firefox enables it by default. And if it's not enabled, you cannot access websites that are gated by NTLM auth. For web compat, I think we have to match other browsers.
(In reply to Carlos Garcia Campos from comment #14)
> I've been told that we don't really need this. We already support gssapi,
> and that supports ntlm if the right package is installed. Paul, could you
> confirm it works for you by installing gss-ntlmssp and without the patch?
> What libsoup version are you using, btw?
In Fedora the package is gssntlmssp. I confirmed that installing the package is not enough to make NTLM work on the test page http://ntlm.herokuapp.com/. I use gssapi every day for kerberos auth, and that works fine. So only NTML is not working. Reopening.
(In reply to Paul van Tilburg from comment #18)
> Years have passed and I can confirm that in Ubuntu 18.04 LTS (Bionic) works
> out of the box using the normal authentication callbacks, so this bug report
> can be closed.
I don't know how to explain this. Maybe something broke between then and now.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200905/d1422398/attachment-0001.htm>
More information about the webkit-unassigned
mailing list