[jcifs] Http NTLM authenticating everyone

Rupesh Kumar rupesh.kumar at blr.techspan.com
Fri Jan 24 18:57:38 EST 2003


Hi Mike,
I think the filter is working because it correctly displays my NT-domain
username. As far as I know, the filter sets up a challenge response with
MSIE and gets the domain, username and a password hash from it. After which
it calls SmbSession.logon(). I think there is something wrong with the logon
part because even when I enter a dummy username the filter lets the user
into the system.

Thanks,
-Rupesh

----- Original Message -----
From: "Michael B. Allen" <miallen at eskimo.com>
To: "Rupesh Kumar" <rupesh.kumar at blr.techspan.com>
Cc: <jcifs at lists.samba.org>
Sent: Friday, January 24, 2003 1:25 AM
Subject: Re: [jcifs] Http NTLM authenticating everyone


> On Thu, 23 Jan 2003 20:36:50 +0530
> Rupesh Kumar <rupesh.kumar at blr.techspan.com> wrote:
>
> > Hello,
> > I was trying out the NtlmHttpAuthExample servlet. I set the Security
option
> > for MSIE to "prompt for username and password". Now even when I enter a
> > dummy username and password the NtlmHttpFilter authenticates and I can
view
> > the generated page. The page says "dom1\<dummy user> successfully logged
> > in".
> > I am running MSIE 6 on Windows XP. Am I missing something?
>
> Is it possible that the filter is not properly installed? If it is not,
> natrually the servlet will be invoked. The NtlmHttpAuthExample is not
> very sophisticated about handling this condition. See the NTLM HTTP
> documentation. It talks about this.
>
> Mike
>
> --
> A  program should be written to model the concepts of the task it
> performs rather than the physical world or a process because this
> maximizes  the  potential  for it to be applied to tasks that are
> conceptually  similar and, more important, to tasks that have not
> yet been conceived.
>




More information about the jcifs mailing list