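I'm trying to use NTLM authentication during a WsMan connection. But the problem is that WinRm does not directly support the NTLM scheme. Here are the response headers: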
21:57:33.557 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 401 [\r][\n]"
21:57:33.557 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Server: Microsoft-HTTPAPI/2.0[\r][\n]"
21:57:33.557 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "WWW-Authenticate: Negotiate[\r][\n]"
21:57:33.557 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "WWW-Authenticate: Kerberos[\r][\n]"
21:57:33.557 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "WWW-Authenticate: CredSSP[\r][\n]"
21:57:33.557 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Date: Thu, 10 Aug 2017 18:57:33 GMT[\r][\n]"
21:57:33.557 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Connection: close[\r][\n]"
21:57:33.557 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Content-Length: 0[\r][\n]"
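The NTLM scheme is not mentioned in the official documentation https://docs.microsoft.com/en-us/powershell/module/Microsoft.WsMan.Management/Get-WSManInstance?view=powershell-5.1
But it says
Negotiate. Negotiate is a challenge-response scheme that negotiates with the server or proxy to determine the scheme to use for authentication. For example, this parameter value allows negotiation to determine whether the Kerberos protocol or NTLM is used.
I tried using the SPNEGO scheme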
RegistryBuilder<AuthSchemeProvider> builder = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory());
But in the end it failed https://pastebin.com/gGNEHGpx So it looks like NTLM is a sub-mechanism of SPNEGO, but how do I use it correctly with Apache http-client?
Answer 0 (score: 1)
Negotiate means Kerberos or NTLM. https://blogs.technet.microsoft.com/tristank/2006/08/02/two-easy-ways-to-pick-kerberos-from-ntlm-in-an-http-capture/
Answer 1 (score: 0)
I found a SpNegoNTLMSchemeFactory that works fine with WinRm https://gist.github.com/moberwasserlechner/4690931
JCIFSEngine.java == apache NTLMEngineImpl.java
SpNegoNTLMSchemeFactory.java == apache NTLMSchemeFactory.java
SpNegoNTLMScheme.java != apache NTLMScheme.java, but the only difference is
    @Override
    public String getSchemeName() {
        return AuthSchemes.SPNEGO; //<- the Apache class returns NTLM here
    }

    @Override
    public Header authenticate(final Credentials credentials, final HttpRequest request) throws AuthenticationException {
        ...
        buffer.append(": ");
        buffer.append(getSchemeName().toUpperCase()); //<- the Apache class returns NTLM here
        buffer.append(" ");
        buffer.append(response);
        return new BufferedHeader(buffer);
    }
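Added example, not part of either answer or of the linked gist: a small classifier for the token in a `Negotiate` header, to confirm from a wire log whether an exchange used Kerberos or fell back to NTLM (the topic of the link in answer 0), including the raw NTLMSSP message that the scheme in answer 1 sends under the Negotiate name. The class name `NegotiateTokenKind`, the method `classify` and both sample tokens are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class NegotiateTokenKind {
    private static final byte[] NTLMSSP_SIG = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);
    // DER-encoded mechanism OIDs: Kerberos 5 (1.2.840.113554.1.2.2), NTLMSSP (1.3.6.1.4.1.311.2.2.10)
    private static final byte[] OID_KRB5 = {6, 9, 0x2a, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xf7, 0x12, 1, 2, 2};
    private static final byte[] OID_NTLM = {6, 10, 0x2b, 6, 1, 4, 1, (byte) 0x82, 0x37, 2, 2, 10};

    private static int indexOf(byte[] hay, byte[] needle) {
        outer:
        for (int i = 0; i + needle.length <= hay.length; i++) {
            for (int j = 0; j < needle.length; j++) if (hay[i + j] != needle[j]) continue outer;
            return i;
        }
        return -1;
    }

    /** Classifies an Authorization / WWW-Authenticate value. Byte search, not a full ASN.1 parse. */
    static String classify(String headerValue) {
        String[] parts = headerValue.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Negotiate")) return "no Negotiate token";
        byte[] tok;
        try {
            tok = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return "invalid base64";
        }
        int sig = indexOf(tok, NTLMSSP_SIG);
        if (sig == 0) return "raw NTLMSSP under Negotiate, message type " + (tok.length > 8 ? tok[8] : 0);
        if (sig > 0) return "SPNEGO wrapping an NTLMSSP message";
        int krb = indexOf(tok, OID_KRB5), ntlm = indexOf(tok, OID_NTLM);
        if (krb < 0 && ntlm < 0) return "unrecognised mechanism";
        if (krb < 0 || (ntlm >= 0 && ntlm < krb)) return "NTLM offered first";
        return ntlm >= 0 ? "Kerberos offered first, NTLM fallback offered" : "Kerberos only";
    }

    public static void main(String[] args) {
        // Constructed samples, not captured traffic.
        byte[] type1 = Arrays.copyOf(NTLMSSP_SIG, 16); // signature, then zero padding
        type1[8] = 1;                                  // MessageType 1 = NEGOTIATE
        // Minimal SPNEGO NegTokenInit header; the mechanism list (Kerberos, then NTLM) follows it.
        byte[] head = {0x60, 0x27, 6, 6, 0x2b, 6, 1, 5, 5, 2, (byte) 0xa0, 0x1d, 0x30, 0x1b, (byte) 0xa0, 0x19, 0x30, 0x17};
        byte[] init = ByteBuffer.allocate(41).put(head).put(OID_KRB5).put(OID_NTLM).array();
        for (byte[] t : new byte[][] {type1, init}) System.out.println(classify("Negotiate " + Base64.getEncoder().encodeToString(t)));
        System.out.println(classify("Negotiate")); // bare challenge, as in the 401 response in the question
    }
}
```

In an `org.apache.http.wire` log, a token whose base64 text begins with `TlRMTVNT` is the raw NTLMSSP case, so a WinRM endpoint expected to use Kerberos but showing that prefix has fallen back to NTLM.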