{"id":4132,"library":"ntlm-auth","title":"NTLM Authentication Library","description":"ntlm-auth is a Python library designed to create NTLM authentication structures, supporting NTLMv1 and NTLMv2, MIC for message integrity, channel binding tokens, and message signing/sealing. The current version is 1.5.0, with releases occurring periodically to add features and improve compatibility, though not on a strict schedule.","status":"active","version":"1.5.0","language":"en","source_language":"en","source_url":"https://github.com/jbogard93/ntlm-auth","tags":["authentication","ntlm","sso","windows","security"],"install":[{"cmd":"pip install ntlm-auth","lang":"bash","label":"Install base library"},{"cmd":"pip install ntlm-auth[ntlm_context]","lang":"bash","label":"Install with optional cryptography for faster encryption"}],"dependencies":[{"reason":"Optional dependency for faster RC4 cipher calls, significantly improving performance for encryption/decryption operations.","package":"cryptography","optional":true}],"imports":[{"note":"The 'Ntlm' class was deprecated in v1.2.0 in favor of 'NtlmContext' for a more generic and flexible interface beyond HTTP authentication.","wrong":"from ntlm_auth.ntlm import Ntlm","symbol":"NtlmContext","correct":"from ntlm_auth.ntlm import NtlmContext"}],"quickstart":{"code":"from ntlm_auth.ntlm import NtlmContext\nimport base64\n\n# Replace with your actual username and password\nusername = \"DOMAIN\\\\username\" # or just \"username\" for local accounts\npassword = \"your_password\"\n\n# 1. Client creates a Type 1 Negotiate message\ncontext = NtlmContext(username=username, password=password)\ntype1_message = context.create_negotiate_message()\nprint(f\"Type 1 (Negotiate) message: {base64.b64encode(type1_message).decode()}\")\n\n# 2. Server (simulated) responds with a Type 2 Challenge message\n# In a real scenario, this would come from the server\n# Example Type 2 challenge bytes (replace with actual server response)\n# This is a dummy example, actual challenge bytes would be different.\n# You can often capture this from network traffic or server logs.\ndummy_type2_challenge_bytes = (\n    b'\\x4e\\x54\\x4c\\x4d\\x53\\x53\\x50\\x00\\x02\\x00\\x00\\x00\\x08\\x00\\x08\\x00\\x38\\x00\\x00\\x00\\x01\\x82\\x88\\xe2\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x06\\x01\\x0c\\x00\\x00\\x00\\x00\\x0f')\n\n# Client processes the Type 2 message\n# The context state is updated with server details.\ntype2_processed = context.create_challenge_message(dummy_type2_challenge_bytes)\nprint(f\"Type 2 (Challenge) processed, context updated.\")\n\n# 3. Client creates a Type 3 Authenticate message\ntype3_message = context.create_authenticate_message()\nprint(f\"Type 3 (Authenticate) message: {base64.b64encode(type3_message).decode()}\")\n\n# This Type 3 message would then be sent to the server for authentication.","lang":"python","description":"This quickstart demonstrates the three-step NTLM authentication handshake using the `NtlmContext` class: creating a Type 1 Negotiate message, processing a (simulated) Type 2 Challenge message from the server, and generating a Type 3 Authenticate message. In a real application, the Type 2 message bytes would be received from the server."},"warnings":[{"fix":"Migrate your code to use `ntlm_auth.ntlm.NtlmContext` instead of `ntlm_auth.ntlm.Ntlm`. Review the `NtlmContext` documentation for new methods and properties.","message":"The `Ntlm` class (e.g., `ntlm_auth.ntlm.Ntlm`) was deprecated in version 1.2.0 in favor of `NtlmContext`. `NtlmContext` provides a more flexible and generic interface for NTLM authentication beyond just HTTP.","severity":"breaking","affected_versions":">=1.2.0"},{"fix":"Install the library with the `ntlm_context` extra: `pip install ntlm-auth[ntlm_context]`.","message":"For optimal performance, especially when dealing with numerous or large NTLM authentication flows, install the optional `cryptography` dependency. Without it, RC4 cipher calls will be significantly slower.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Upgrade your Python environment to a supported version (e.g., Python 3.6+ is generally safe, but always check current PyPI metadata for `requires_python`).","message":"Python 3.3 support was dropped in version 1.2.0. Additionally, specific Python 3.0, 3.1, and 3.2 versions are explicitly not supported. Ensure your Python environment meets the `requires_python` criteria for the installed version.","severity":"gotcha","affected_versions":">=1.2.0"},{"fix":"Upgrade to `ntlm-auth` version 1.5.0 or newer to access the latest NTLM functionality.","message":"Versions prior to 1.5.0 do not include features like `mic_present` property, `sign`, `verify`, and `reset_rc4_state` functions on the `NtlmContext`. If your application requires these advanced NTLM capabilities, ensure you are on version 1.5.0 or later.","severity":"gotcha","affected_versions":"<1.5.0"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}