NTLM/Negotiate authentication over HTTP
Clone or download
davejohnston and boumenot Negotiation fails for servers where 'NTLMv2 session security' is req…
…uired (#18)

If a server has specified that NTLMv2 session security is required,
    then negotiation will fail as the client does not advertise this during
    the handshake. The negoiate message needs to include the relevant
    flag 'negotiateFlagNTLMSSPNEGOTIATEEXTENDEDSESSIONSECURITY'

    To test enable this on the remote server by using regedt32 to modify the
    key
    HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\NtlmMinServerSec and
    set the value to 0x20080000
Latest commit 4a21cbd Aug 10, 2018

README.md

go-ntlmssp

Golang package that provides NTLM/Negotiate authentication over HTTP

GoDoc Build Status

Protocol details from https://msdn.microsoft.com/en-us/library/cc236621.aspx Implementation hints from http://davenport.sourceforge.net/ntlm.html

This package only implements authentication, no key exchange or encryption. It only supports Unicode (UTF16LE) encoding of protocol strings, no OEM encoding. This package implements NTLMv2.

Usage

url, user, password := "http://www.example.com/secrets", "robpike", "pw123"
client := &http.Client{
  Transport: ntlmssp.Negotiator{
    RoundTripper:&http.Transport{},
  },
}

req, _ := http.NewRequest("GET", url, nil)
req.SetBasicAuth(user, password)
res, _ := client.Do(req)

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.