View Issue Details

IDProjectCategoryView StatusLast Update
0003043mantisbtauthenticationpublic2014-10-02 18:21
ReporterreporterAssigned Tograngeway  
Status closedResolutionsuspended 
Platformx86OSWindows 2000 
Summary0003043: support for NTLM authentication

can we have support for NTLM authentication (Windows Integrated Authentication)? I figure it would be almost the same as BASIC_AUTH -- relying on OS for password check, and signing up user if the user does not exist in Mantis backend db.

TagsNo tags attached.


related to 0004235 closedvboctor Support Generic Authentication through Plug-ins 




2003-03-08 17:20

reporter   ~0003938

What would be more useful would be LDAP since more systems use LDAP...



2003-03-09 03:59

reporter   ~0003944

I'll assign this to vboctor since he's the only developer who actually runs mantis on windows as far as I know. He may have an opinion on how hard it would be.

Also note that there already is LDAP auth - check the config file for necessary options.



2003-03-13 20:05

reporter   ~0003979

Oops... added victor as reporter instead of handler. Fixed now



2003-04-05 11:25

reporter   ~0004134

LDAP would cover Active directory wouldn't it?



2004-10-15 09:31

reporter   ~0008054

I don't know if there is still someone waiting for NTLM in Mantis, but I have implemented it for the current 0.19.0 for our internal network.
It hides the login screen completely, signing up users on their first visit and does not depend on MS IIS or Apache modules for the transmission of NTLM messages.

I did not, however, keep up with the coding guidelines (that's why I do not post it now), but I will provide a diff or a zip of the affected files if there is any interest.



2004-12-06 00:17

reporter   ~0008518

Last edited: 2004-12-06 00:19

G'day strushb, I would be keenly interested in the NTLM mods you made to 0.19.0.

Is it done through reading the "PHP_AUTH_USER" and/or "PHP_AUTH_PW" variables when authenticated through NTLM, and then using them to create an entry in the "mantis_user_table" table?



2004-12-06 01:23

reporter   ~0008519

strushb, I too would be very interested in your work. Would you post the 19.0 mods? Thanks in advance



2005-01-10 09:31

reporter   ~0008908

After some testing within our Mantis installation, I decided that my solution is not secure, not even for controlled environments. Therefore, I cannot release this hack.
When Mantis incorporates authentication modules, I would be happy to help writing/testing any ntlm related code.



2005-03-22 15:55

reporter   ~0009637

what was the rough outline of your solution?



2014-09-22 15:55

reporter   ~0041282

Last edited: 2014-09-22 15:56

View 2 revisions

Resolving as "suspended"

We'll add support for authentication plugins, support for NTLM authentication would then be best implemented as a plugin seperate to the main code.

This issue is still linked to the parent issue regarding implementing auth plugins so at that point in time can be evaluated.

Issue History

Date Modified Username Field Change
2003-03-08 01:52 reporter New Issue
2003-03-08 17:20 teak421 Note Added: 0003938
2003-03-09 03:59 jfitzell Reporter reporter => vboctor
2003-03-09 03:59 jfitzell Note Added: 0003944
2003-03-09 03:59 jfitzell Status new => assigned
2003-03-13 20:05 jfitzell Reporter vboctor => reporter
2003-03-13 20:05 jfitzell Assigned To => vboctor
2003-03-13 20:05 jfitzell Note Added: 0003979
2003-04-05 11:25 grangeway Note Added: 0004134
2004-07-31 21:04 vboctor Relationship added related to 0004235
2004-09-02 16:45 vboctor Assigned To vboctor =>
2004-09-02 16:47 vboctor Status assigned => acknowledged
2004-10-15 09:31 strushb Note Added: 0008054
2004-12-06 00:17 sead Note Added: 0008518
2004-12-06 00:19 sead Note Edited: 0008518
2004-12-06 01:23 Matt_wc Note Added: 0008519
2005-01-10 09:31 strushb Note Added: 0008908
2005-03-22 15:55 grangeway Note Added: 0009637
2007-07-06 10:45 vboctor Category bugtracker => authentication
2014-09-22 15:55 grangeway Note Added: 0041282
2014-09-22 15:55 grangeway Status acknowledged => resolved
2014-09-22 15:55 grangeway Resolution open => suspended
2014-09-22 15:55 grangeway Assigned To => grangeway
2014-09-22 15:56 grangeway Note Edited: 0041282 View Revisions
2014-10-02 18:21 atrol Status resolved => closed