[jcifs] Re: Lots of jCIFS stuff

[Eric]

Allen, Michael B (RSCH) wrote:
> Eric,
> 
> Eventually I will more closely at all of the code you have submitted. At the moment I cannot really comment as I am not familar with the details of SSP. I started to read this:
> 
>   http://www.microsoft.com/windows2000/techinfo/howitworks/security/sspi2000.asp
> 
> but I'm only up to p.7 so I need a bit more time. I am pleased to see you would like to abstract the details of the SSP interface. Presumably there is an ssp package with interface definitions for
> which jCIFS would just be a provider of NTLM support?
> 
> Also I think the message limit is 50K. You're 19K zip file should go through ok.
> 
> Mike <<source.zip>> 
> 

This code actually just provides an encapsulation of the NTLMSSP 
messages (the type1, type2, etc.).  All it really does is make the 
process of doing NTLMSSP easier by doing the work of creating the 
messages (rather than manually populating the byte arrays, which is what 
we were doing previously, it moves that work into the Type1Message, etc. 
classes).

SSPI is the Microsoft implementation of GSS-API, for which a binding in 
Java is already defined (the org.ietf.jgss package in JDK 1.4).  This is 
a generic authentication framework, which can use many underlying 
mechanisms.  The JDK provides a Kerberos mechanism; Microsoft's SSPI 
provides Kerberos, SPNEGO (which is itself just a mechanism for 
negotiating a "real" mechanism), and NTLMSSP.  I started trying to 
integrate some of this (that was the SPNEGO stuff I sent previously), 
but it quickly became overwhelming.

This code is just a cleaner implementation of the NTLMSSP stuff we 
already have (basically the type-x messages).  I more or less gave up on 
the SPNEGO stuff for the time being.

Eric