Hi All,

What is the status of this issue?

https://issues.apache.org/bugzilla/show_bug.cgi?id=41263

I am interested in this because NTLMSSP authentication is basically not possible unless the remote port is accessible and I want people to be able to use my product through Apache if possible.

The reason it is not possible is because the NTLMSSP protocol is a three message "handshake" so it requires storing state with the connection at least temporarily. If you store the state in the session using the same key, that state may be incorrectly read or overwritten if multiple requests from different connections with the same session ID are processed concurrently. The only solution that I am aware of is to store the state in the session but use a key that includes the remote port. Without the remote port it is basically impossible to correctly implement NTLMSSP authentication through mod_jk.

Can anyone indicate as to how this issue might be resolved either by implementing getRemotePort via mod_jk or by using another method of discerning connections from one another? I write C just as well as I do Java so I'm willing to create a patch if someone can provide a pointer and any implementation hints they might have or snags they might know of.

Mike

--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
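
The overwrite described in the message above, as an added example that is not part of the original post and not Tomcat or mod_jk code: two connections sharing one session ID interleave their handshakes, first with a single session key and then with a key that includes the remote port. The class, the method names, the port numbers and the `Map` standing in for the session are all hypothetical, and comparing challenges stands in for verifying the Type 3 response, which is computed over the server challenge.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

// Added illustration; every name here is hypothetical.
public class NtlmStateDemo {
    static final SecureRandom RNG = new SecureRandom();

    // Stand-in for session attributes, shared by every connection
    // that presents the same session ID.
    static final Map<String, byte[]> session = new HashMap<>();

    // Type 1 (negotiate) received: create the 8-byte server challenge,
    // remember it under the given key, and send it back in Type 2.
    static byte[] onNegotiate(String key) {
        byte[] challenge = new byte[8];
        RNG.nextBytes(challenge);
        session.put(key, challenge);
        return challenge;
    }

    // Type 3 (authenticate) received: the response is only valid against
    // the challenge this connection was sent, so look it up and consume it.
    static boolean onAuthenticate(String key, byte[] challengeClientSaw) {
        byte[] stored = session.remove(key);
        return stored != null && Arrays.equals(stored, challengeClientSaw);
    }

    // Session attribute name, with or without the connection's remote port.
    static String key(boolean perConnection, int remotePort) {
        return perConnection ? "ntlm.state." + remotePort : "ntlm.state";
    }

    // Connections A and B (constructed ports) interleave their handshakes.
    static boolean[] run(boolean perConnection) {
        session.clear();
        int portA = 50001, portB = 50002;
        byte[] chalA = onNegotiate(key(perConnection, portA)); // A: Type 1 -> Type 2
        byte[] chalB = onNegotiate(key(perConnection, portB)); // B: Type 1 -> Type 2
        boolean a = onAuthenticate(key(perConnection, portA), chalA); // A: Type 3
        boolean b = onAuthenticate(key(perConnection, portB), chalB); // B: Type 3
        return new boolean[] { a, b };
    }

    public static void main(String[] args) {
        System.out.println("shared key:       " + Arrays.toString(run(false)));
        System.out.println("key + remotePort: " + Arrays.toString(run(true)));
    }
}
```

With the shared key, B's challenge replaces A's before A's Type 3 arrives, so neither handshake completes; with the port in the key, each connection finds its own challenge.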