Whittled down to the minimum, I have:
use strict; use warnings; use LWP::UserAgent; use HTTP::Request::Common; use Authen::NTLM; use LWP::ConsoleLogger::Everywhere; ntlmv2(1); my $ua = LWP::UserAgent->new(keep_alive => 1, ssl_opts => { verify_hos +tname => 0 }); $ua->credentials(internal.com:9004', '', 'user', 'pass'); my $req = GET “https://internal.com:9004/api”;
I assume because it is an internal site, if I don't turn off verify_hostname, I get:
500 Can't connect to internal.com:9004 (Bad File descriptor)
However, if I turn off verify_hostname, the ConsoleLogger shows that I am attempting to do my NTLM authentication, however I can't seem to get by:
401 Unauthorized
I do notice in the result header a warning:
Client-SSL-Warning: Peer certificate not verified
I'm wondering if my authentication problems are due to not verifying the host. I'd prefer that, but I've tried downloading certificates, extracting a fingerprint, but can't seem to get past the 500 error without turning off verify_hostname. How can I verify my internal site? And/or should I be looking elsewhere for my NTLM Authentication issue?
I'm attempting this from Strawberry on Windows, but I am able to authenticate against my internal site using curl from one of my linux hosts, so I know the url and credentials are correct.
In reply to NTLM Authentication w/ Internal Site by DanEllison
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |