I’m pleased to announce the release of the RubySSPI library. So named
because it allows interaction with Microsoft’s Security Support
Provider Interface (SSPI) API, this library enables Ruby scripts using
Net::HTTP or open-uri to authenticate as the current Windows user with
proxy servers requiring NTLM authentication (e.g. Microsoft’s ISA).
What is it?
This library provides bindings to the Win32 SSPI libraries, which
implement various security protocols for Windows. The library was
primarily developed to give Negotiate/NTLM proxy authentication
abilities to Net::HTTP (and thus, open-uri), similar to support found
in Internet Explorer or Firefox.
The library is NOT an implementation of the NTLM protocol, and does
not give the ability to authenticate as any given user. It is able to
authenticate with a proxy server as the current user. It also does not
provide full bindings to the SSPI library, but could be extended in
that direction if anyone is so inclined. Someone recently mentioned
the idea of extending it to allow NTLM authentication with SQL server
(removing the need for usernames or passwords in configuration files).
What does it do for me?
If you are behind a proxy that authenticates all traffic, then this
library will enable your ruby scripts to authenticate with the proxy
as the current user. This solves the shortcomings of other solutions
(such as Basic authentication or the python APS proxy) which
require you to enter your username and password in clear text at least
It also enables scripts such as the “gem” commands to work without
special hacking. Methods of enabling these scripts are described in
the accompanying documentation.
Where is it?
How do I install it?
gem install rubysspi
Once the gem is installed, view the RDoc documenation for complete
instructions on using the library.
Please use the forums on the project page for bug reports, support
requests, etc. Enjoy the library!
 A proxy, implemented in python, which handles NTLM authentication
for you. It is implemented as a proxy-proxy, meaning you run it
locally and point all web traffic at it. It does require you enter
your username and password to work - it does not authenticate as the
“current” user. http://ntlmaps.sourceforge.net/