Rack middleware for transparent authentication with NTLM.
This is a fork from lukefx/rack-ntlm on Github. Unlike dtsato/rack-ntlm it’s going to work with any password backend even with smbpasswd file.
This is work in progress so I recomend you don’t use this code in a production environment unless you really know whant you’re doing.
This code has been written with Rack 1.0.1 installed. It may work with older version as well as with newer ones but no warranites.
Because this is a Rack component you can use it with any Ruby framework that works with Rack. To protect a simple Sinatra appliaction you should write:
use Rack::Auth::NTLM do |username| # Fetch username's password hash from a password backend # return nil on any error. end
When a client needs to authenticate itself to a proxy or server using the NTLM scheme then the following 4-way handshake takes place (only parts of the request and status line and the relevant headers are shown here; “C” is the client, “S” the server):
1: C –> S GET …
2: C <– S 401 Unauthorized
WWW-Authenticate: NTLM
3: C –> S GET …
Authorization: NTLM <base64-encoded type-1-message>
4: C <– S 401 Unauthorized
WWW-Authenticate: NTLM <base64-encoded type-2-message>
5: C –> S GET …
Authorization: NTLM <base64-encoded type-3-message>
6: C <– S 200 Ok
Copyright © 2009-2010 [Rack-Ntlm], released under the MIT license