[jcifs] RE: NTLM - SMB Interaction

Allen, Michael B (RSCH) Michael_B_Allen at ml.com
Wed Aug 14 10:54:01 EST 2002 

I think that I'm going to just make new SmbFile constructors that take an NtlmPasswordAuthentication
object and I suppose an NtlmHttpSession.getNtlmPasswordAuthention(). That will allow you to just do:

try {
    if( NtlmHttpSession.logon( req, resp ) == false ) {
        return;
    }
    out.println( "Success " + Math.random() + "<p>" );

    ntlm = (NtlmHttpSession)req.getSession().getAttribute( "NtlmHttpSession" );
    SmbFile f = new SmbFile( "smb://server/share/path", ntlm.getNtlmPasswordAuthentication() );
    ...use f here...

This is quite optimal. If an existing session exists multiple threads could be used and all IO will be
multiplexed over the same transport. Using NtlmAuthenticator doesn't work as well for web stuff where
you have to handle multiple users with different perms because you would have to lookup the
NtlmPasswordAuthentication object by username and the authenticator would only be provoked after
the client tried and failed to access a resource.

I'll make adjustments for 0.7.0b2.

Mike

> -----Original Message-----
> From:	Allen, Michael B (RSCH) 
> Sent:	Tuesday, August 13, 2002 6:35 PM
> To:	'Nestel, Frank  IZ/HZA-IC4'
> Cc:	Rutzen, Friedrich  IZ/HZA-IC4; 'jcifs at samba.org'
> Subject:	RE: NTLM - SMB Interaction
> 
> I'm not entirely sure what your asking but you can make an
> NtlmPasswordAuthentication object from the password hashes sent by IE
> which can be used with NtlmAuthenticator but setDefault() affects all users
> so I think additional support will be needed. I'll have to think about this further.
> 
> 	-----Original Message-----
> 	From:	Nestel, Frank  IZ/HZA-IC4 [SMTP:nestefan at de.ina.com]
> 	Sent:	Tuesday, August 13, 2002 10:20 AM
> 	To:	'Michael_B_Allen at ml.com'
> 	Cc:	Rutzen, Friedrich  IZ/HZA-IC4
> 	Subject:	NTLM - SMB Interaction
> 
> 
> 	Hi Mike,
> 
> 	we've been seening your NTLM automated IE assignement with
> 	Java. This is what we are looking for. Great stuff!!
> 
> 	Just to make it perfect we wonder if you see any chance to
> 	use an successfull NTLM Authentication to pass on 
> 	authorized requests do the jCIFS samba world. I.e. we'd
> 	like to proceed and access protected SMB resources after an 
> 	successfull NTLM authentication. We understand it is in the 
> 	nature of NTLM that there is no explicit password transported, 
> 	on the other hand we are missing a SMB-API to rely on the 
> 	authentication obtained by NTLM. 
> 
> 	Is this kind of logon impossible, did we miss the API or
> 	is the API (still) missing?
> 
> 	Thank you very much
> 	Frank
>

More information about the jcifs mailing list