Support of NTLMv2 for Chrome on Mac

747 views
Skip to first unread message

Bakke, Ståle

unread,
Mar 21, 2016, 9:57:25 AM3/21/16
to net...@chromium.org

Hi

 

As I understand in http://dev.chromium.org/developers/design-documents/http-authentication, Chrome on Mac does not support NTLMv2. Is this something that will be supported in later versions?

 

 

Regard

Ståle

Eric Roman

unread,
Mar 21, 2016, 12:13:33 PM3/21/16
to Bakke, Ståle, net...@chromium.org, Asanka Herath, Ryan Sleevi
This is issue 22532.

cc-ing some folks who can comment on its status.

--
You received this message because you are subscribed to the Google Groups "net-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to net-dev+u...@chromium.org.
To post to this group, send email to net...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/net-dev/006090E2AFC51547A7962C33224CBEF001B7FD81D9%40SE-EX022.groupinfra.com.

Asanka Herath

unread,
Mar 21, 2016, 2:40:42 PM3/21/16
to Eric Roman, Bakke, Ståle, net...@chromium.org, Ryan Sleevi
On Mon, Mar 21, 2016 at 12:13 PM Eric Roman <ero...@chromium.org> wrote:
This is issue 22532.

cc-ing some folks who can comment on its status.

On Mon, Mar 21, 2016 at 6:56 AM, Bakke, Ståle <stale...@cgi.com> wrote:

Hi

 

As I understand in http://dev.chromium.org/developers/design-documents/http-authentication, Chrome on Mac does not support NTLMv2. Is this something that will be supported in later versions?


As Eric pointed out, this is issue 22532. But there's no short term commitment for supporting NTLMv2 on Posix.

Moving off of NTLMv1 is something that we'd definitely like to do, but dropping in a new NTLMv2 implementation or adopting an existing one hasn't crossed the feasibility threshold. Every time this comes up, the requestor is really looking for some combination of SSL (if the motivation is an adversarial network) and/or SSO using something like Kerberos over Negotiate (if the motivation is SSO). However, the sustained usage of NTLM indicates that neither of these two are options that folks are interested in pursuing. So perhaps we should reprioritize issue 22532.

MacOS is a bit special since GSS.Framework already supports NTLM. Configuration is a bit tricky, but it's possible to get NTLMv2 working with GSSAPI (interestingly, issue 167140 was an instance where this was happening inadvertently).
Reply all
Reply to author
Forward
0 new messages