[jcifs] Authentication caching

Michael B. Allen miallen at eskimo.com
Sat Feb 8 08:25:44 EST 2003


On Fri, 7 Feb 2003 12:59:48 -0800 
Jammy_Pate at NAI.com wrote:

> I'm trying to authenticate a user.  It authenticates fine but if you try to
> authenticate again within 15 seconds it will always be successful even with
> a bad password.

The jcifs.smb.client.soTimeout property can be decreased to trigger the
socket to close and clear the state of the sessions attached to it.

> I've included my source that I'm using to do this.  The first method is
> pretty much a straight copy from the example on jcifs site.
> 
> Except that I've added the jcifs config set property.  I did this to try to
> see if the soTimeout was causing this condition.

<snip> 
>             jcifs.Config.setProperty("jcifs.smb.client.soTimeout","1");

This will not work. After sending a request the socket will close after
1 millisecond. The absolute minimum time required to authenticate a user
is more like 5ms. Of course it might also take much longer depending on
network conditions. This code will probably throw an exception. Not sure
what will happen actually.

> public static void main(String[] args) throws Exception
>   {
>   NTdomainPAM ntpam = new NTdomainPAM();
>
>   //try with good password
>   boolean b = ntpam.jcifsAuthenticateOld("domain","jpate","pass","10.20.90.202");
>   System.out.println(b);
>
>   // try with bad password is successful
>   b = ntpam.jcifsAuthenticateOld("domain","jpate","adfadsf","10.20.90.202");
>   System.out.println(b);
>   }


This example is not indicative of reality. Several people have presented
these kinds of tests and complained.  Currently if a different user does
not authenticate every 15 seconds the cache is cleared.  Please provide a
use case that illustrates when an application would need to authenticate
that many users that frequently.

Mike

-- 
A  program should be written to model the concepts of the task it
performs rather than the physical world or a process because this
maximizes  the  potential  for it to be applied to tasks that are
conceptually  similar and, more important, to tasks that have not
yet been conceived. 
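
A toy model of the behaviour discussed in this thread, added here as an illustration and not taken from jcifs or from either poster: sessions attached to a connection are reused until the socket has been idle for soTimeout, so a cache modelled as matching on user name alone accepts any password inside that window, while one that also compares a digest of the password does not. The class name, the `bindPassword` switch and the account table are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

/** Toy model of a transport whose attached sessions die with the idle socket. Not jcifs code. */
public class SessionCacheDemo {
    static final long SO_TIMEOUT_MS = 15_000;                  // the 15 seconds from the thread
    static final Map<String, String> SERVER =                 // constructed account database
            Map.of("domain\\jpate", "pass");

    private final Map<String, byte[]> sessions = new HashMap<>(); // user -> digest of password used
    private final boolean bindPassword;                       // false = behaviour reported above
    private long lastActivityMs = 0;

    SessionCacheDemo(boolean bindPassword) { this.bindPassword = bindPassword; }

    boolean authenticate(String user, String password, long nowMs) throws Exception {
        // An idle socket is closed, which drops every session attached to it.
        if (nowMs - lastActivityMs >= SO_TIMEOUT_MS) sessions.clear();
        lastActivityMs = nowMs;
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        byte[] cached = sessions.get(user);
        if (cached != null && (!bindPassword || MessageDigest.isEqual(cached, digest))) {
            return true;                                      // session reused, server not asked
        }
        boolean ok = password.equals(SERVER.get(user));       // stands in for the real logon
        if (ok) sessions.put(user, digest);
        return ok;
    }

    public static void main(String[] args) throws Exception {
        for (boolean bind : new boolean[] {false, true}) {
            SessionCacheDemo c = new SessionCacheDemo(bind);
            System.out.println("bindPassword=" + bind);
            System.out.println("  t=0s  good password: " + c.authenticate("domain\\jpate", "pass", 0));
            System.out.println("  t=5s  bad password:  " + c.authenticate("domain\\jpate", "adfadsf", 5_000));
            System.out.println("  t=25s bad password:  " + c.authenticate("domain\\jpate", "adfadsf", 25_000));
        }
    }
}
```

The clock is passed in as `nowMs` so the three attempts can be replayed without waiting; the t=25s attempt shows the state being cleared once the idle period has passed.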

