go-http-ntlm icon indicating copy to clipboard operation
go-http-ntlm copied to clipboard

Published 20 hours ago verified publisher icon vadimi

Feature ask to support encryption....

Open subbartt opened this issue 3 years ago • 2 comments

We are trying a POC for winrm communication from Linux to windows using ntlm. Currently this package only support auth. So, in winrm we need to explicitly set winrm set winrm/config/service @{AllowUnencrypted="true"} on the target side to get the POC working. Can you add the encryption support to the package? Alternatively, can you share any pointers, we can look into adding encryption support.

Thanks, Subba

subbartt avatar Jul 21 '21 13:07 subbartt

@subbartt this library only allows to configure TLS through http.Transport TLSClientConfig property. But if you're asking about something like Kerberos encryption - then this is not supported and to be honest it's not the goal of this library.

vadimi avatar Jul 21 '21 18:07 vadimi

@vadimi , looking for the encryption support at the NTLM protocol level itself and not at the higher protocols (http / https). NTML client can request for keys exchange and encryption to keep the channel encrypted at the NTLM level itself irrespective of using https or not to keep the NTLM channel encrypted. http://davenport.sourceforge.net/ntlm.html

Even https://github.com/Azure/go-ntlmssp does not support the same.

This package only implements authentication, no key exchange or encryption. It only supports Unicode (UTF16LE) >>encoding of protocol strings, no OEM encoding. This package implements NTLMv2

subbartt avatar Jul 22 '21 04:07 subbartt