• Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Atlassian Status as of 27 April 2011

      Hi folks,
      Kerberos is preferred to NTLMv2 as a method of authentication. Where NTLM is required, third party plugins have been made available on plugins.atlassian.com that enable Kerberos and NTLM, and can be found here and here. These solutions are in use by many of our customers and are working well. NTLMv2 support not be in the long term roadmap for Crowd, and we're spending our time and effort improving Crowd to be more scalable, reliable and fast!

      We've decided to close this issue because we feel that by leaving it open, there's undue expectation that the issue is being actively worked on, and we don't want to give you the wrong information.

      Regards,
      Eugene Mak
      Atlassian Product Management

      Many customer ask to be able to use their windows logins for confluence or jira. This would be a wonderful addition.

            [CWD-760] Does Crowd support NTLM v2 for Vista

            Hi everyone,

            Just letting you know that we've updated the current Atlassian status in the description of this issue, and you should go check it out!

            Eugene Mak
            Atlassian Product Management

            Eugene Mak [Atlassian] added a comment - Hi everyone, Just letting you know that we've updated the current Atlassian status in the description of this issue, and you should go check it out! Eugene Mak Atlassian Product Management

            To add a little more detail:

            Java applications can do NTLMv1 because it's a crap protocol - they're essentially executing a man-in-the-middle attack to make the protocol work.

            NTLMv2 is significantly better, but there isn't a reliable way to do NTLMv2 from Java.

            Kerberos is the best option because it's designed for this kind of use-case. Only requirement that it enforces over NTLMv2 is that all machines involved must be joined to a domain. Which shouldn't be a problem for most.

            David O'Flynn [Atlassian] added a comment - To add a little more detail: Java applications can do NTLMv1 because it's a crap protocol - they're essentially executing a man-in-the-middle attack to make the protocol work. NTLMv2 is significantly better, but there isn't a reliable way to do NTLMv2 from Java. Kerberos is the best option because it's designed for this kind of use-case. Only requirement that it enforces over NTLMv2 is that all machines involved must be joined to a domain. Which shouldn't be a problem for most.

            Just a general note. NTLMv2 is not going to be the way we go with this, more than likely (when we get around to it) will be using Kerberos, which is the preferred way when it comes to IWA.

            Justin Koke added a comment - Just a general note. NTLMv2 is not going to be the way we go with this, more than likely (when we get around to it) will be using Kerberos, which is the preferred way when it comes to IWA.

            We evaluated Crowd a year ago, but due to its dependence on NTLM v1 for SSO in our Windows domain network, we passed. If NTLM v2 was configurable, we'd re-evaluate the product. Vote!

            Tyler Tyler added a comment - We evaluated Crowd a year ago, but due to its dependence on NTLM v1 for SSO in our Windows domain network, we passed. If NTLM v2 was configurable, we'd re-evaluate the product. Vote!

            Hi Andreas,

            Unfortunately, we don't currently support NTLM v2, nor do we have a definitive timeline for doing so.

            We're currently hard at work sorting out v1.3 of Crowd, and for v1.4 we hope to revisit our NTLM support. I can't promise that we'll be able to add NTLM v2 support, but we will look into it.

            Please vote for this issue (the link is on the left), as we use votes to prioritise work for our releases.

            Regards,
            Dave.
            Crowd Team Lead.

            David O'Flynn [Atlassian] added a comment - Hi Andreas, Unfortunately, we don't currently support NTLM v2, nor do we have a definitive timeline for doing so. We're currently hard at work sorting out v1.3 of Crowd, and for v1.4 we hope to revisit our NTLM support. I can't promise that we'll be able to add NTLM v2 support, but we will look into it. Please vote for this issue (the link is on the left), as we use votes to prioritise work for our releases. Regards, Dave. Crowd Team Lead.

            Hello

            All Microsoft Vista Clients use the default NTLM v2. Does your NTLM development within Crowd support this NTLM version? In the case of no, what is the schedule for this development?

            Kind regards Andreas Zurell

            Zurell, Andreas added a comment - Hello All Microsoft Vista Clients use the default NTLM v2. Does your NTLM development within Crowd support this NTLM version? In the case of no, what is the schedule for this development? Kind regards Andreas Zurell

              justen.stepka@atlassian.com Justen Stepka [Atlassian]
              8760380ff263 Zurell, Andreas
              Votes:
              14 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: