NTLM without Service Account

留言板

Yves Legrand，修改在13 年前。

NTLM without Service Account

Regular Member 帖子: 156 加入日期: 09-11-18 最近的帖子

Hi there,

maybe someone knows about this:

What are the necessary steps in Liferay 6.0.6 CE to use NTLM wihtout a service account?
We won't get one.

Cheers,
Yves

Marcellus Tavares，修改在13 年前。

RE: NTLM without Service Account

Regular Member 帖子: 142 加入日期: 09-10-26 最近的帖子

It's not possible Yves.

Yves Legrand，修改在13 年前。

RE: NTLM without Service Account

Regular Member 帖子: 156 加入日期: 09-11-18 最近的帖子

Hi Marcellus,

thanks for your answer.

But what does that mean "it is not possible"? Out-of-the-Box it is not possible or is it a very big effort to implement this? Maybe one has to write a hook, change some libs or something? Why it is not possible? I would appreciate if you could explain this in more detail? emoticon

As we know, Liferay 5.2.3 CE contains NTLM without Service Account.

Cheers,
Yves

Marcellus Tavares，修改在13 年前。

RE: NTLM without Service Account

Regular Member 帖子: 142 加入日期: 09-10-26 最近的帖子

Hi Yves,

The Service Account is needed to authenticate users when you're using NTLMv2. Actually, this solution works fine for both NTLM and NTLMv2. That's why we added to Liferay 6.

Could you explain me why you don't want to create the service account?

Cheers

Yves Legrand，修改在13 年前。

RE: NTLM without Service Account

Regular Member 帖子: 156 加入日期: 09-11-18 最近的帖子

Hi Marcellus,

it's not me who does not want to create this account. It is my customer.
In addition computer accounts do not have passwords per default, do they?
So it means additional effort for my customer to install this.

In my opinion it would make sense to distinguish between NTLM and NTLMv2.
When using NTLM no Service Account should be needed. What do you think?

Best wishes,
Yves

Tom Mahy，修改在12 年前。

RE: NTLM without Service Account

Regular Member 帖子: 103 加入日期: 11-5-11 最近的帖子

Hi Yves.

I have the exact same problem. Its the customer that doesnt want to make the service account.
So i guess im going to have to hack a liferay 5 feature into liferay 6.

Upgrades are going to become very tedious :-)

Marcellus Tavares，修改在12 年前。

RE: NTLM without Service Account

Regular Member 帖子: 142 加入日期: 09-10-26 最近的帖子

Tom Mahy:

Hi Yves.

I have the exact same problem. Its the customer that doesnt want to make the service account.
So i guess im going to have to hack a liferay 5 feature into liferay 6.

Upgrades are going to become very tedious :-)

Hi Tom, is there any specific reason for that?

Tom Mahy，修改在12 年前。

RE: NTLM without Service Account

Regular Member 帖子: 103 加入日期: 11-5-11 最近的帖子

Hi Marcellus,

What i meant to say it that i always try to keep the liferay versions as close to vanilla as possible.
And each core modification we are going to add is adding costs to future upgrades.

Shuaib K，修改在12 年前。

RE: NTLM without Service Account

New Member 帖子: 19 加入日期: 11-8-6 最近的帖子

With the NTLM enabled on Liferay CE 6.0.6/Windows Server 2003, when I browse to the Liferay portal on Internet Explorer, I get the default login page. I then have to click on the 'Sign In' link at the top right corner of the page in order to get to the welcome page of the logged-in user without entering in any user name or password. Is this how the Single Sign On works in Liferay? Isn't there any way to go to the welcome page directly as soon as you enter in the Liferay portal URL on your browser? There should be a way to bypass the default login page. Please advise.

marco ronconi，修改在12 年前。

RE: NTLM without Service Account

New Member 发布: 1 加入日期: 11-8-31 最近的帖子

Hi Tom,
I have the same problem with the service account, you solved it somehow ?

Thank you so much
Marco

Tom Mahy，修改在12 年前。

RE: NTLM without Service Account

Regular Member 帖子: 103 加入日期: 11-5-11 最近的帖子

Marco,

Create a Login action.
This will be triggered when the page is launched.

Then you will need to write the ntlm authenticator yourself.
HttpClient library is a good start.
http://hc.apache.org/httpclient-3.x/authentication.html

Good luck.

Regards,
Tom Mahy