Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

where is the service 'ntlm.request' ? #1

Open
ahurt2000 opened this issue Mar 20, 2013 · 4 comments
Open

where is the service 'ntlm.request' ? #1

ahurt2000 opened this issue Mar 20, 2013 · 4 comments

Comments

@ahurt2000
Copy link

Hi,
I try to understand this bundle to implement something like this with 2.1.
I can not find the service 'ntlm.request' on any side. Is there, or something is missing?

in BrowserCreative\NtlmBundle\Security\Authentication\Provider;

$ldapRequest = $this->container->get('ntlm.request');

regards
@ahurt2000
Copy link
Author

Ok, I guess you uses this lib https://github.com/loune/php-ntlm

@zenmedia
Copy link

Hi, I agree with this as I have a similar issue.

@gggeek
Copy link

gggeek commented May 26, 2016

To anyone interested: I have started work on fixing this issue, i.e. integrating the base library needed for ntlm support.

The work is ongoing, and can be seen at: https://github.com/kaliop-uk/NtlmBundle/tree/issue-1

It is already in much better shape than the current master bundle:

  • support for installation via Composer (the bundle is not registered in Packagist yet, so you wll need to add an extra repository in composer.json)
  • support for Sf 2.8 (not sure if it was working on older versions, but it definitely was missing code to allow usage of the new firewall definitions)

but a lot is still missing, esp. the possibility to inject more parameters into the authenticator service.

If there is any interest, I might put more effort into it.
Otherwise, I will put my fork on standby, as I am currently inclined to research Kerberos-based solutions rather than NTLMv2 ones - the main problem I have with NTLM is that my webserver does not have access to the passwords of the users, so it can not compute the ntlm hash needed to insure safety of the solution...

@gggeek
Copy link

gggeek commented Jun 1, 2016

Status update:

  • the code in the 'issue-1' branch has been heavily refactored to be more in line with how Sf 2 does authentication in recent releases
  • I have had confirmation that the samba 'ntlm_auth' tool might be used to validate the password hashes sent by the browsers, without the need to access directly the AD user database. You 'just' need to have samba installed on the webserver and configured to be part of the domain (the problem mentioned in the previous message)
  • I have also been discouraged (by Samba devs) to pursue this path, even though it might work...
  • ...and at the same time the customer for this project agreed to move to ADFS, so I have no more need to finish the bundle.

So I am halting further developments, unless there is anybody requesting for it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gggeek @zenmedia @ahurt2000