[jcifs] NtlmPasswordAuthentication class not serializable

[Greg Taylor]

I finally got back to this issue (almost 3 months later!)  Anyways, I made
NtlmPasswordAuthentication implement Serializable and did some testing.  For
our purposes, all we require after the initial authentication is that the
object exists in the session and we can get a user name out of it, so the
Serializable change was sufficient.  For problems with the hashes being
invalid once the object has been serialized, is it possible to make them
transient and reinitialize them if the object is serialized?  (i.e. check
for null?)  I don't fully understand the hashing issues, but this may be a
solution for all users.

We're using a hacked version of the jCIFS library now, but I hope we will
see a version in the future with any session objects implementing
Serializable.

Thanks,
Greg Taylor.

-----Original Message-----
From: Michael B Allen [mailto:mba2000 at ioplex.com]
Sent: Wednesday, October 08, 2003 11:56 PM
To: Eric
Cc: Greg Taylor; 'jcifs at lists.samba.org'
Subject: Re: [jcifs] NtlmPasswordAuthentication class not serializable



> I don't see any real issues in making the class serializable (although
> semantically it really isn't).  It would get rid of the errors you're
> seeing.  I'll do some testing, but it should be fairly harmless.

All of this really depends on what will happen when the NPA is
deserialized with incorrect password hashes. It really just needs to be
tested.

Greg,

If you change NPA to implement Serializable what happends after a session
is migrated?

Mike

-- 
A program should be written to  model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the  potential for it  to be applied  to tasks that are
conceptually similar and, more  important, to tasks that have not
yet been conceived.