[jcifs] Occasionally NTLM Filter fails...Please Help.

John Baker jbaker at javasystemsolutions.com
Mon May 18 19:32:41 GMT 2009 

Thank you for your professional response.  Clearly, my techincal understanding 
did not lead me to write an SPNEGO/Kerberos implementation.  Perhaps you 
could outline your thoughts on the pros and cons of SPNEGO/Kerberos over 
NTLMv2?  

On Monday 18 May 2009 18:20:48 you wrote:
> Now I remember you. You just can't give up on this can you?
>
> All of your questions are answered in the post cited but clearly you
> do not have sufficient technical understanding and therefore you
> should just stop posting.
>
> Do you really think that you can just heckle me into changing my mind?
> Is that really going to be your strategy?
>
> JCIFS is an implementation of the CIFS protocol which is completely
> unrelated to HTTP. Moving foward we will be removing all HTTP related
> code so there is no point in discussing future development of that
> code. Even if you knew what you were talking about, it's off topic
> here.
>
> Fork you.
>
> Mike
>
> On Mon, May 18, 2009 at 11:29 AM, John Baker
>
> <jbaker at javasystemsolutions.com> wrote:
> > Hi,
> >
> > So, it can't be fixed to make it totally secure, but it can be fixed to
> > do what it was originally designed to do - provide a working example of
> > an NTLM filter. I also assume it could be enhanced to support NTLMv2
> > given there are commercial products that do it - so it can't be
> > impossible to do it securely, unless all these commercial products are
> > insecure?
> >
> > Although, I don't really understand why one would use NTLMv2 over
> > SPNEGO/Kerberos.  NTLM seems to be the backup option to me - if the
> > SPNEGO token contains an NTLM token, there's little choice but to either
> > deny or process.
> >
> >
> > J
> >
> > On Monday 18 May 2009 16:18:51 you wrote:
> >> On Mon, May 18, 2009 at 11:06 AM, John Baker
> >>
> >> <jbaker at javasystemsolutions.com> wrote:
> >> > I suspect that once the static configuration has been replaced with
> >> > something that can be specified at runtime, i.e. to allow different
> >> > instances of jcifs with different configurations, it won't be too much
> >> > effort to fix the NtlmHttpFilter.
> >>
> >> Hi John,
> >>
> >> Actually no, the NtlmHttpFilter cannot be fixed. See this post for a
> >> detailed explanation:
> >>
> >>

More information about the jcifs mailing list