[jcifs] NtlmPasswordAuthentication class not serializable

Michael B Allen mba2000 at ioplex.com
Wed Dec 31 00:27:42 GMT 2003

> I finally got back to this issue (almost 3 months later!)  Anyways, I made
> NtlmPasswordAuthentication implement Serializable and did some testing.  For
> our purposes, all we require after the initial authentication is that the
> object exists in the session and we can get a user name out of it, so the
> Serializable change was sufficient.  For problems with the hashes being
> invalid once the object has been serialized, is it possible to make them
> transient and reinitialize them if the object is serialized?  (i.e. check
> for null?)

I will look at this. I have a related issue with invalid password hashes after a
DFS referral so I'll think about this while I try to fix that.

> I don't fully understand the hashing issues, but this may be a
> solution for all users.
> We're using a hacked version of the jCIFS library now, but I hope we will
> see a version in the future with any session objects implementing
> Serializable.
> Thanks,
> Greg Taylor.
> -----Original Message-----
> From: Michael B Allen [mailto:mba2000 at ioplex.com]
> Sent: Wednesday, October 08, 2003 11:56 PM
> To: Eric
> Cc: Greg Taylor; 'jcifs at lists.samba.org'
> Subject: Re: [jcifs] NtlmPasswordAuthentication class not serializable
>> I don't see any real issues in making the class serializable (although
>> semantically it really isn't).  It would get rid of the errors you're
>> seeing.  I'll do some testing, but it should be fairly harmless.
> All of this really depends on what will happen when the NPA is
> deserialized with incorrect password hashes. It really just needs to be
> tested.
> Greg,
> If you change NPA to implement Serializable what happends after a session
> is migrated?
> Mike
A program should be written to  model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the  potential for it  to be applied  to tasks that are
conceptually similar and, more  important, to tasks that have not
yet been conceived.

More information about the jcifs mailing list