NTLM authentication is not working on Jira 4.4.1

Sreenivasaraju P
March 21, 2012

Want to integrate Jira with NTLM. It was working for 3.12.3. After I migrated to 4.4.1, it is not working.

Any ideas on this?

2 answers

0 votes
Ed Letifov _TechTime - New Zealand_
March 22, 2012

To be correct, "supporting ... protocol" has never been in Atlassian's interest in the context of NTLM authentication to Jira or Confluence or any other product besides SharePoint Connector (where it is very much in their interest and that's exactly what they do there) - the support for all other applications was via a 3rd party plugin, which was NEVER supported by Atlassian.

My personal opinion is that there is a lot of FUD around Kerberos vs. NTLM on the net.

I've already quoted the developer of Jespa (surely both us and them do have a vested interest in NTLM) on this forum once about the "future of NTLM", here it is below again.

"Q: I am also a bit worried about NTLM being deprecated in favor of Kerberos - what's your take on that?

A: Kerberos does not work if the client does not have access to the DC (and under a variety of other conditions) so NTLM will never be deprecated in favor of Kerberos. At least not Kerberos in its current form. I suspect Microsoft will eventually add some extension of Kerberos that does not have these restrictions. But if they don't have that on the drawing board yet it will be many years before they can shelve NTLM.

Note that NTLM is actually better than Kerberos in many ways. Kerberos is very fickle. Kerberos clients must have direct access to DCs, DNS has to be exactly right for clients and servers, time has to be synchronized to within usually 5 minutes on the client, server and DC, if new Kerberos keys are distributed tickets can become stale and need to be purged. IOPLEX's first product was actually a Kerberos module for PHP. When I did Jespa I conscientiously decided to do NTLM instead because Kerberos is so fickle. I think that is one of the reasons why Jespa is so popular. It's easy to set up and once it is, it just works."

0 votes
Ellen Feaheny [AppFusions]
March 22, 2012

Here's a nice write-up on NTLM -

http://msdn.microsoft.com/en-us/library/windows/desktop/aa378749%28v=vs.85%29.aspx

Supporting a less secure protocol than what else is now available (Kerberos) is not in Atlassian's best interest - as just an opinion.

Maybe you should consider a new path?
