AW: [jcifs] NTLM Question?

Michael B Allen mba2000 at ioplex.com
Mon Aug 11 16:44:40 EST 2003


>
>> > I am trying to use the NTLM authentication in jCIFS. I configured
>> > "jcifs.http.domainController" to machine "foo". Using IE I send the
>> > user domain as "bar" with valid user credentials. The authentication
>> > succeeds. Does this mean that domain controller "foo" is doing the
>> > authentication on behalf of domain "bar" for the supplied credentials?
>
>> I'm not really sure actually. If the two domains are in a trust
>> relationship they might replicate their SAM database or something like
>> that. But for all I know cross domain replication might not happen at
>> all in which case the user of domain bar will simply be authenticated
>> by the domain controller for bar on behalf of the foo domain controller
>> specified.
>
> The SAM database will only be replicated to the domain controllers within
> a domain. If a domain dom1 has a trust to domain dom2 then all domain
> controllers of dom1 will create a security channel to any domain
> controller of dom2. Well, if a user of domain dom2 logs on to a computer
> in domain dom1 then the dom1 computer sends the user credentials to his
> domain controller in domain dom1. This domain controller forwards the
> credentials (over the security channel) to his domain controller in
> domain dom2 which authenticates the user.

Interesting. Good to know. It's a shame NTLM HTTP authentication doesn't
supply the authentication domain in the type-1-message. It would probably
be worthwhile to provide NTLM HTTP users with a screen that permits a user
to enter their domain the first time they visit the site and store it in a
cookie afterward.

Mike
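
An added example, not part of the original message and not jCIFS code: a small parser that reads the domain field from the NTLMSSP message carried in an HTTP Authorization header, covering the optional domain field of a Type 1 message and the domain field a Type 3 message sends with the user's response. The function names, the user "alice" and the sample messages are constructed for illustration, and the Type 3 layout is assumed to include the flags field at offset 60.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001
OEM_DOMAIN_SUPPLIED = 0x00001000

def read_buffer(msg, pos):
    """Return the bytes a security buffer (length, allocated, offset) points at."""
    length, _allocated, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def domain_in_header(header):
    """Return (message type, domain or None) for an 'NTLM <base64>' header value."""
    scheme, _, token = header.partition(" ")
    if scheme != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(token)
    if len(msg) < 16 or not msg.startswith(SIGNATURE):
        raise ValueError("not an NTLMSSP message")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    if mtype == 1:
        (flags,) = struct.unpack_from("<I", msg, 12)
        if not flags & OEM_DOMAIN_SUPPLIED or len(msg) < 24:
            return 1, None  # no domain supplied in the first message
        return 1, read_buffer(msg, 16).decode("ascii", "replace")
    if mtype == 3 and len(msg) >= 64:
        (flags,) = struct.unpack_from("<I", msg, 60)
        encoding = "utf-16-le" if flags & NEGOTIATE_UNICODE else "ascii"
        return 3, read_buffer(msg, 28).decode(encoding, "replace")
    raise ValueError("unsupported NTLMSSP message")

def constructed_samples():
    """Constructed header values: Type 1 without a domain, Type 3 for alice in BAR."""
    type1 = SIGNATURE + struct.pack("<II", 1, 0x00000207) + struct.pack("<HHI", 0, 0, 0) * 2
    domain, user = "BAR".encode("utf-16-le"), "alice".encode("utf-16-le")
    end = 64 + len(domain) + len(user)
    # LM response, NT response, domain, user, workstation, session key
    buffers = [(0, 64), (0, 64), (len(domain), 64), (len(user), 64 + len(domain)), (0, end), (0, end)]
    type3 = SIGNATURE + struct.pack("<I", 3)
    type3 += b"".join(struct.pack("<HHI", n, n, off) for n, off in buffers)
    type3 += struct.pack("<I", 0x00000201) + domain + user  # responses left empty
    return ["NTLM " + base64.b64encode(m).decode() for m in (type1, type3)]

if __name__ == "__main__":
    for value in constructed_samples():
        print(domain_in_header(value))
```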


