NTLM auth locking service user

[rokx]

Hi,
I just had issues for the past months because px service was locking the associated user. The service is running on a windows server and the credentials are stored in Credentials Manager.

The issue was that everytime I tried accessing a blocked url from the main proxy, the badPwdCount in AD would increase by 1. After 3 tries the user was always locked.

I suspected there has to be some issues with the implementation of cntlm that is probably trying multiple times with different NTLM versions or something.

Based on few threads on internet I took a hit and updated the included cntlm library from 8.6.0 to the latest 8.11 from https://curl.se/windows/.
Path where the ddl was updated: px/Lib/site-packages/px/libcurl/libcurl-x64.dll

Suddenly the issue dissappeared. The user does not get locked anymore.

I encountered the issues because of Jenkins update site mirrors that randomly proxy you to 10 different sites.

Please consider updating the included cntlm library.

Love this project! Thank you for all.

[genotrance]

Thanks for the report, I'm neck deep trying to migrate px to leverage pymcurl which is currently using libcurl v8.9.1 - can you please check if you still see the issue with that version of libcurl? Upgrading to v8.11 will be another big delay.

[genotrance]

I have updated pymcurl to 8.11.0 so this should hopefully fix your use case once released.