Authentication with NTLM proxy server

Robert Gruber rgruber at
Tue Sep 26 12:30:18 BST 2006


recently I've upgraded my KDE from KDE-3.4 to 3.5.4 (compiled from source). 
After updating I wasn't able to browse website with konqueror any more. The 
proxy server rejected all of my requests. But I was still able to use firefox 
for browsing.

Our proxy server uses NTLM for authentication.

When I pulled some tcpdumps I realized two differences between firefox and 
1) firefow always fills both, the NTLM response and the LanManager response, 
with the same key in the NTLMSSP_AUTH packet. konqueror only fills the NTLM 
2) konqueror doesn't send any flags in the NTLMSSP_AUTH packet. firefox does.

So I change the kntlm.cpp file a bit:

--- kntlm.cpp.orig      2006-09-26 13:05:06.000000000 +0200
+++ kntlm.cpp   2006-09-26 13:06:11.000000000 +0200
@@ -160,14 +160,14 @@ bool KNTLM::getAuth( QByteArray &auth, c

     if ( KFromToLittleEndian(ch->flags) & Negotiate_NTLM ) {
       response = getNTLMResponse( password, ch->challengeData );
-      addBuf( rbuf, ((Auth*)>ntResponse, response );
     } else {
       if ( !forceNTLM ) {
         response = getLMResponse( password, ch->challengeData );
-        addBuf( rbuf, ((Auth*)>lmResponse, response );
       } else
         return false;
+    addBuf( rbuf, ((Auth*)>ntResponse, response );
+    addBuf( rbuf, ((Auth*)>lmResponse, response );
 //  }
   if ( !dom.isEmpty() )
     addString( rbuf, ((Auth*)>domain, dom, unicode );

With this patch applied I'm now able to use konqueror to browse through the 

Can anybody with deeper insight please review this patch, and commit it if ok.

Cheers, Robert

More information about the kde-core-devel mailing list