[jcifs] jCIFS authentication stuff

eglass1 at attbi.com
Thu May 15 23:40:41 EST 2003


Hello all,

Serge made me aware of the James project; I thought it was pretty interesting, 
so I figured I'd take a whack at contributing.  I do some occasional work with 
the jCIFS team (http://jcifs.samba.org), mostly around NTLM authentication (I 
copied the jCIFS list on this, because some of them might find this interesting 
as well).

Attached are some changes to the POP3 stuff to support the AUTH mechanism from 
RFC 1734.  Included is code for the "NTLM" authentication method supported by 
Exchange and Outlook/Outlook Express.  Mechanism pluggability could be achieved 
pretty easily; I wasn't sure what means James used to dynamically locate and 
load extensions, so I just hardcoded a small stub into POP3Handler to preload 
the NTLM mechanism.

You will need to have the jCIFS library available to build and run this; you 
can get it from:

http://users.erols.com/mballen/jcifs

(the main jCIFS site is in a transition state).

You will also need to set the system property "jcifs.http.domainController" to 
the IP address of a box with SMB services running (doesn't have to be a "real" 
domain controller, just a Windows/Samba box offering filesharing services will 
do).  I did this via the PHOENIX_JVM_OPTS variable.

You will also need to create a mailbox user with a name corresponding to your 
domain username; i.e., if you are DOMAIN\jsmith, you would create a James 
user 'jsmith'.

To use this with Outlook Express, just point it at the James POP3 server and 
select "Log on using Secure Password Authentication".  This will do single-
signon NTLM authentication using the credentials of the logged in user.

For documentation on the NTLMSSP messages, here is a dissection I posted to the 
jCIFS list:

http://lists.samba.org/pipermail/jcifs/2003-March/002011.html

And if you want background on exactly how this works on the backend, you can't 
beat Chris Hertel's book:

http://ubiqx.org/cifs/SMB.html#SMB.8


Eric

> Eric,
> 
> Thanks for the code!  I've forwarded this to the James project, an 
> all-Java mail server, as we're trying to determine how to support 
> alternate authentication systems.
> 
> -- 
> Serge Knystautas
> President
> Lokitech >> software . strategy . design >> http://www.lokitech.com
> p. 301.656.5501
> e. sergek at lokitech.com
> 
> eglass1 at attbi.com wrote:
> > Mike/All,
> > 
> > Attached is a jCIFS-based authentication framework I have been working on.  
> > This decouples the NTLMSSP stuff from the HTTP (since NTLM is also used in 
> > other MS implementations, such as POP/IMAP authentication to Exchange).  It 
> > also contains a SPNEGO implementation, which is a good chunk of what is needed 
> > for Kerberos authentication, as well as the JAAS login module which I posted a 
> > while back.
> > 
> > Unfortunately, time constraints will be preventing me from doing much more with 
> > this in the near future.  I was going to try and get the Kerberos 
> > authentication stuff going for Davenport, but that would also require 
> > substantial modifications to the jCIFS core, so I more or less gave up.  
> > Hopefully someone will find at least some of this useful.  
> > 
> > Rough notes are in "notes.txt"; an example of the NTLMSSP usage is 
> > in "test.java".  You will need to make the following changes to jCIFS if you 
> > want to compile this:
> > 
> > 1. In jcifs.smb.NtlmPasswordAuthentication, make the getNTLMResponse and 
> > getPreNTLMResponse methods public.
> > 
> > 2. Make the jcifs.http.NtlmHttpServletRequest class public, as well as the 
> > constructor.
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 47032 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20030515/020c7ba9/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 187 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20030515/020c7ba9/attachment-0001.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 7752 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20030515/020c7ba9/attachment-0002.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 245 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20030515/020c7ba9/attachment-0003.obj
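
Added illustration, not code from the attachments above or from jCIFS/James: a sketch of how a POP3 server could classify the client lines of an RFC 1734 AUTH NTLM exchange and extract the user name that selects the James mailbox (DOMAIN\jsmith -> 'jsmith'). The function names are hypothetical, strings are assumed to be UTF-16LE, and the sample Type 3 message is constructed with dummy responses.

```python
import base64
import struct

SIG = b"NTLMSSP\x00"

def _buf(msg, pos):
    # Security buffer: length (2), allocated (2), offset (4), little-endian.
    length, _alloc, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_auth_line(line):
    """Classify one client line sent during a POP3 AUTH NTLM exchange."""
    line = line.strip()
    if line == "*":                       # RFC 1734: client cancels
        return ("cancel", None)
    msg = base64.b64decode(line, validate=True)
    if len(msg) < 12 or msg[:8] != SIG:
        raise ValueError("not an NTLMSSP message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype == 1 and len(msg) >= 16:     # Type 1 (negotiate): flags at 12
        return ("negotiate", struct.unpack_from("<I", msg, 12)[0])
    if mtype == 3 and len(msg) >= 52:     # Type 3: domain at 28, user at 36
        # Assumption: Unicode was negotiated, so names are UTF-16LE.
        domain = _buf(msg, 28).decode("utf-16-le")
        user = _buf(msg, 36).decode("utf-16-le")
        return ("authenticate", (domain, user))
    raise ValueError("unexpected or truncated NTLMSSP message")

def build_type3(domain, user, workstation):
    """Constructed sample only: Type 3 with dummy 24-byte responses."""
    parts = [b"\x00" * 24, b"\x00" * 24, domain.encode("utf-16-le"),
             user.encode("utf-16-le"), workstation.encode("utf-16-le")]
    header, payload, offset = SIG + struct.pack("<I", 3), b"", 52
    for p in parts:
        header += struct.pack("<HHI", len(p), len(p), offset)
        payload += p
        offset += len(p)
    return base64.b64encode(header + payload).decode("ascii")
```

The domain and user fields of a Type 3 message are supplied by the client, so they should select a mailbox only after the accompanying response has been validated against the SMB server configured in "jcifs.http.domainController".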

