[jcifs] Is there a simple C library for the NTLMSSP?

[eglass1 at attbi.com]

> I don't know that using the windows library would work (if it did, someone 
> would have done this already).
> 
> I'm trying to create a DSAPI filter (authentication filter) for the Domino 
> web server so that it can handle authentication via Internet Explorer 
> silently.
> 
> I have worked with the jcifs library (and read through the java code) and 
> understand 'how it works', i am now at the tedious part where, without 
> finding a suitable C version, I have to port the java code back to C (which 
> I don't think will be all that exciting).
> 
> If you have any suggestions on windows libraries that can do something like 
> this already, i'd be more than happy to look them up (I just don't know of 
> any).

The Windows API for doing this sort of thing is SSPI.  It is the Microsoft
version of GSSAPI, which is kind of a "meta-authentication" API; it provides a
framework for producing and consuming opaque authentication tokens, which are
processed by an underlying authentication mechanism.  NTLM is one such
mechanism; Kerberos is another, as well as SPNEGO (which is itself a mechanism
for negotiating a "real" mechanism).

There is some pretty good documentation on using SSPI available from
Microsoft's site;  I would also recommend:

http://msdn.microsoft.com/msdnmag/issues/0800/security/default.aspx

This article gives a good overview of how SSPI works, as well as a very useful
free utility w/source code which lets you step through the authentication
handshaking token-by-token.

If you're on a Windows platform this is probably the easiest way to go
(using SSPI with the NTLM mechanism).  All you really have to do is
base-64-encode the SSPI tokens and send them; you don't even need to know
anything about NTLM itself, since SSPI abstracts all of that away for you.

Eric