[jcifs] Linux and Windows

eglass1 at attbi.com eglass1 at attbi.com
Fri Mar 28 05:00:08 EST 2003 

I wasn't able to reproduce this... are you talking about just accessing the 
site like

http://10.10.2.20/path/page.jsp

This worked properly for me.  If you could provide instructions on reproducing, 
I will take a look at it.  Thanks!

Eric
> I installed this update and used it.  Thank you Eric.  There is one thing
> that I have noticed.  When getting at the site with a ipaddress in the URL
> this filter and browser get in a loop passing info back and forth without
> the browser ever sending in the proper authentication or the filter timing
> out.  I will try to isolate this a little more and hopefully come up with a
> fix.
> 
> I agree with Eric that this kind of functionality needs to be around so that
> we can replace IIS servers with much better free Java Web servers.  This is
> a great package and I thank all who have worked on it.
> 
> Thank You
> Jim
> 
> -----Original Message-----
> From: eglass1 at attbi.com [mailto:eglass1 at attbi.com]
> Sent: Thursday, March 27, 2003 7:59 AM
> To: Tyrrell, James
> Cc: miallen at eskimo.com; jcifs at lists.samba.org
> Subject: Re: [jcifs] Linux and Windows
> 
> 
> > The real solution here is to stick with the method selected and enable
> > Mozilla to negotiate NTLM password authentication. Unfortunately,
> > last I heard, there is a bug in Mozilla's that has to do with reissuing
> > requests over *the same* connection. Mozilla is not incorrect to close
> > and reissue requests on a new connect. In fact NTLM HTTP authentication
> > is non-standard in this respect. So those two facts have not compelled
> > the Mozilla folks to incorporate this functionality. Still, I think this
> > is really a Mozilla problem. It's certaintly not a jCIFS problem! :~)
> > 
> 
> Persistent connections are actually the default behavior in HTTP 1.1
> (although NTLM is still weird in that it REQUIRES persistence).
> 
> 
> > See Mozilla bug reports:
> > 
> >   http://bugzilla.mozilla.org/show_bug.cgi?id=23679
> > 
> > Also the below describes a patch that implements some kind of Windows
> > passwordless authentication however it's not clear to me what it does
> > exactly:
> > 
> >   http://bugzilla.mozilla.org/show_bug.cgi?id=159015
> > 
> > Quite a few people have had their hands in this problem. If you look
> > closely even Andrew Bartlett from Samba is involved.
> > 
> > Mike
> > 
> 
> This uses the Microsoft SSPI libraries, so it is a Windows-only fix
> (basically,
> rather than implementing the client side of NTLM, they just pass the tokens
> to
> the native APIs).  This approach was probably taken for simplicity's sake.
> There is an NTLM HTTP client in the Jakarta Commons which contains an open
> source Java implementation; it would be interesting to examine that further.
> I'm not at all familiar with the Mozilla codebase, but it would at least
> seem
> feasible to try incorporating this logic into Mozilla and give NTLM to the
> non-Wintel world.
> 
> That being said, there are a few compelling reasons to add HTTP Basic
> support.
> I'm not sure it's reasonable to expect every HTTP client on the planet to
> start
> supporting NTLM.  Even if Mozilla gets this working, there are still lots of
> clients that will never provide support.  Also, IIS can be configured to
> provide both Basic and NTLM authentication.  Currently, if a servlet needs
> this
> functionality (i.e., to service non-IE clients but still authenticate them
> against a domain), the only real alternative is to install a servlet
> container
> under IIS and use IIS to provide authentication.  It would be nice to be
> able
> to replace this IIS niche market completely with jCIFS.
> 
> Attached is my take on this; this version defines two properties:
> 
> jcifs.http.basicRealm -- realm for basic authentication (defaults to
> "jCIFS")
> jcifs.http.enableBasic -- enable basic authentication
> jcifs.http.insecureBasic -- enable basic authentication over plain HTTP
> 
> By default, basic is disabled completely.  By setting enableBasic to true,
> Basic authentication is enabled over HTTPS only.  By setting insecureBasic
> to
> true, Basic authentication is also offered over insecure HTTP.
> 
> I think this provides a pretty fair balance, in that a conscious effort has
> to
> be made on the part of the jCIFS user to enable an insecure configuration.
> 
> In any case, this should serve James' needs.
> 
> Eric

More information about the jcifs mailing list