atom feed1 message in org.apache.hc.httpclient-usersRe: NTLMv2 connection
FromSent OnAttachments
Oleg KalnichevskiJan 18, 2013 2:49 pm 
Subject:Re: NTLMv2 connection
From:Oleg Kalnichevski (ole@apache.org)
Date:Jan 18, 2013 2:49:55 pm
List:org.apache.hc.httpclient-users

On Fri, 2013-01-18 at 13:43 -0600, Godbey, David J. (HQ-LM020)[DIGITAL MANAGEMENT INC.] wrote:

When I login to my Exchange server via http-client for the first time, I get the
following string out of the http-client to the server log. Subsequent
connections does not get the below warning. All transactions are working
properly.

My sysops production person has asked if this warning can be suppressed since we
think we understand it, and it is not really a problem.

My guess is that in the NTLMv2 negotiation, the Exchange server first requests a
Kerberos ticket. If the ticket is unavailable, the server requests credentials,
and this warning is issued by http-client. Do I have this right?

Is there a way to suppress this warning?

2013/01/18 13:32:58:412 CST [WARN] RequestTargetAuthentication - NEGOTIATE
authentication error: No valid credentials provided (Mechanism level: No valid
credentials provided (Mechanism level: Failed to find any Kerberos tgt))

There are two things you could do:

(1) Configure the 'org.apache.http.client.protocol.RequestTargetAuthentication' logger to log at ERROR priority only.

(2) Disable the SPNego auth scheme altogether by removing it from the registry of supported auth schemes.

Oleg