Perhaps you can code the NTLM into ICS FTP Server demo? Believe me there is DEMAND for it! Fastream offers you $200 for the task to be completed in 10 days plus we can help you test. I know $200 is not much for a German company but this code could be used by many people so it's well spent effort (remember we will donate the demo).
Best Regards, SZ On 5/8/07, Arno Garrels <[EMAIL PROTECTED]> wrote: > BTW: You also could use the LogonUser API since you know both > username as well as password. > > Arno Garrels wrote: > > Fastream Technologies wrote: > >> Hello Arno, > >> > >> Either we are having a kind of communication problem or you did not > >> read what I sent you privately. We prefer to sponsor YOU to do it for > >> some money so that WE donate the code to OVERBYTE. > > > > I think what you want is something that should be coded at the > > application level. Derive your own component from TFtpCtrlSocket add > > a TNtlmAuthSession. When the user is logged validate user > > credentials, don't cleanup the session. Before a transfer starts you > > will have to impersonate the context at least once temporarily in > > order to check whether access is allowed. If subsequent read/write > > operations shall be executed in server context the server must own > > the same or higher privileges, of course. I've never coded something > > like that so it's just an idea of how it might work. > > > >> If this is not > >> possible, then there are some more questions we must ask. Such as > >> what should be passed to "domain" which was not asked in our reverse > >> proxy! > > > > AFAIR, if blank current domain or local host is used, otherwise > > specified domain, but not for sure, it was very easy to scribble a > > small test project to find that out. > > > > -- > > Arno Garrels [TeamICS] > > http://www.overbyte.be/eng/overbyte/teamics.html > > > >> > >> Regards, > >> > >> SZ > >> > >> On 5/8/07, Arno Garrels <[EMAIL PROTECTED]> wrote: > >>> Fastream Technologies wrote: > >>>> Ok. Another misunderstanding... Let me explain: the client will > >>>> send the USER PASS just as any FTP client does. Then the server > >>>> will decide what rights he has wrt Activedirectory domain. I hope > >>>> you get it now. > >>> > >>> In OverbyteIcsNtlmSsp.pas have a look at function > >>> > >>> TNtlmAuthSession.ValidateUserCredentials( > >>> const AUser, APassword, ADomain: String; > >>> CleanUpSession: Boolean): Boolean; > >>> > >>> If you want to call ImpersonateContext/RevertContext pass FALSE in > >>> parameter CleanUpSession. > >>> > >>> -- > >>> Arno Garrels [TeamICS] > >>> http://www.overbyte.be/eng/overbyte/teamics.html > >>> > >>>> > >>>> Regardsi, > >>>> > >>>> SZ > >>>> > >>>> On 5/8/07, Arno Garrels <[EMAIL PROTECTED]> wrote: > >>>>> Fastream Technologies wrote: > >>>>>> I am talking about FTP SERVER. Can you help us build NTLM > >>>>>> security to TFtpServer? Or, IS THIS POSSIBLE? > >>>>> > >>>>> Do you know any FTP client with NTLM support? > >>>>> > >>>>> -- > >>>>> Arno Garrels [TeamICS] > >>>>> http://www.overbyte.be/eng/overbyte/teamics.html > >>>>> > >>>>>> > >>>>>> Regards, > >>>>>> > >>>>>> SZ > >>>>>> > >>>>>> On 5/7/07, Arno Garrels <[EMAIL PROTECTED]> wrote: > >>>>>>> I missed the keyword "FTP". NTLM isn't available in any of the > >>>>>>> FTP components. > >>>>>>> > >>>>>>> Arno Garrels wrote: > >>>>>>>> Fastream Technologies wrote: > >>>>>>>> > >>>>>>>>> - Arno told me that one would need to impersonate the thread > >>>>>>>>> and then attempt to read/write on network. However, since the > >>>>>>>>> thread is also used by other users, would we need to > >>>>>>>>> impersonate every time we do a TFileStream operation?? Or is > >>>>>>>>> it just for the test?? > >>>>>>>> > >>>>>>>> If the server admin wants to control access to files'n folders > >>>>>>>> only by Windows security you probably hit the point where one > >>>>>>>> (impersonated) thread per user was best choice? Otherwise you > >>>>>>>> could handle NTLM like any other authentication type. > >>>>>>>> > >>>>>>>> -- > >>>>>>>> Arno Garrels [TeamICS] > >>>>>>>> http://www.overbyte.be/eng/overbyte/teamics.html > >>>>>>> -- > >>>>>>> To unsubscribe or change your settings for TWSocket mailing list > >>>>>>> please goto http://www.elists.org/mailman/listinfo/twsocket > >>>>>>> Visit our website at http://www.overbyte.be > >>>>> -- > >>>>> To unsubscribe or change your settings for TWSocket mailing list > >>>>> please goto http://www.elists.org/mailman/listinfo/twsocket > >>>>> Visit our website at http://www.overbyte.be > >>> -- > >>> To unsubscribe or change your settings for TWSocket mailing list > >>> please goto http://www.elists.org/mailman/listinfo/twsocket > >>> Visit our website at http://www.overbyte.be > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://www.elists.org/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
