[jcifs] Is there a simple C library for the NTLMSSP?
eglass1 at attbi.com
eglass1 at attbi.com
Mon Jun 16 20:07:41 EST 2003
> I don't know that using the windows library would work (if it did, someone
> would have done this already).
>
> I'm trying to create a DSAPI filter (authentication filter) for the Domino
> web server so that it can handle authentication via Internet Explorer
> silently.
>
> I have worked with the jcifs library (and read through the java code) and
> understand 'how it works', i am now at the tedious part where, without
> finding a suitable C version, I have to port the java code back to C (which
> I don't think will be all that exciting).
>
> If you have any suggestions on windows libraries that can do something like
> this already, i'd be more than happy to look them up (I just don't know of
> any).
The Windows API for doing this sort of thing is SSPI. It is the Microsoft
version of GSSAPI, which is kind of a "meta-authentication" API; it provides a
framework for producing and consuming opaque authentication tokens, which are
processed by an underlying authentication mechanism. NTLM is one such
mechanism; Kerberos is another, as well as SPNEGO (which is itself a mechanism
for negotiating a "real" mechanism).
There is some pretty good documentation on using SSPI available from
Microsoft's site; I would also recommend:
http://msdn.microsoft.com/msdnmag/issues/0800/security/default.aspx
This article gives a good overview of how SSPI works, as well as a very useful
free utility w/source code which lets you step through the authentication
handshaking token-by-token.
If you're on a Windows platform this is probably the easiest way to go
(using SSPI with the NTLM mechanism). All you really have to do is
base-64-encode the SSPI tokens and send them; you don't even need to know
anything about NTLM itself, since SSPI abstracts all of that away for you.
Eric
More information about the jcifs
mailing list