Check out win32\demos\security\sspi - there you should find enough info to get you started, including a *client* that uses NTLM to authenticate with a server (which means in practice, you probably need to configure IIS for NTLM auth to test this)
The issue with integrating it into httplib or similar is that the authentication process is quite different than http basic auth. In summary, NTLM is a multi-step challenge/response system - ie, you end up taking a number of requests, often 3, to get a "secure" channel. Further, it is the channel itself which is secured - eg, the socket. Once the socket is closed, you must re-authenticate from scratch again - the info you negotiated in your first connection is no longer any use. The only way I could find to integrate this with a httplib style class was to implement an "onrequest callback" - a hook that the connection class would call with the raw headers etc, and a way for that callback to modifiy the request headers and tell the class to retry the operation with the new headers. At some stage, the callback will hopefully return a result indicating auth is complete, so no further retries are necessary and comms can continue without further worrying about auth until the socket closes. Further, it then had to associate the authentication token with the socket itself. Hope this helps - check out the sspi demos and let me know if you have any questions (the server side of the authentication dance is almost identical to the client side, as you will see) Cheers, Mark > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:python-win32- > [EMAIL PROTECTED] On Behalf Of Trent Nelson > Sent: Thursday, 12 June 2008 6:03 AM > To: python-win32@python.org > Subject: [python-win32] Hooking in NTLM... > > Howdy, > > Mark, I vaguely recall a brief chat we had at PyCon where you said > you'd hooked NTLM into, um, some sort of web-enabled Python environment > ;-) I can't remember the details (hope you can!), but I'm interested > in whatever you came up with. Currently, if I want to 'seamlessly' get > a user's Windows domain login credentials, I set up httpd with > mod_auth_sspi then redirect/proxy to a Python web-aware program (i.e. > something on Twisted). > > Would be nice to hook the NTLM stuff directly into the Python > request/response http level, if possible. > > Trent. > _______________________________________________ > python-win32 mailing list > python-win32@python.org > http://mail.python.org/mailman/listinfo/python-win32 _______________________________________________ python-win32 mailing list python-win32@python.org http://mail.python.org/mailman/listinfo/python-win32