Problem with cross domain authentication

This bug was originally filed anonymously here: https://savannah.nongnu.org/bugs/?45089

When the client is on Domain A, and is requesting a resource on Domain B, and Domain A and B have a mutual trust relationship, we can get an authentication failure.

This happens if you build the response and specify a username without @domaiN in it.

libntlm sees that there is no @ symbol, so it tries to base the domain off the domain stored in the challenge. But the challenge holds the domain of the resource, rather than the client. So when building the response, the client gets mis-identified and the response fails.

A workaround is to always use the user@domain syntax when specifying the user for the response.

One way to solve this is to add a new method for building the response that lets you supply the client domain.