[jcifs] a question concerning the calling hostname for authentification

eglass1 at comcast.net eglass1 at comcast.net
Sat Oct 11 03:09:01 EST 2003


> "jcifs.netbios.hostname" property is evaluated in the class NbtAdress in a
> static procedure. So that is the reason, why it is only evaluated once. But
> we have no idea, how the package could be used or patched, so that the
> calling hostname can be set dynamically.
> 

This is similar to a question posed a few days ago (maybe from the same
person -- the list archive appears to be down for maintenance currently).  If I
understand correctly, users are allowed to login only from specific
workstations, as would be set like:

NET USER myuser /WORKSTATIONS:WKSTNA,WKSTNB /DOMAIN

(I think that's what you're referring to anyways).  You want to change the
jcifs.netbios.hostname parameter dynamically, so that the presented hostname
matches one from the allowed set for the user (i.e.,
"WKSTNA").

I don't think there's currently a way to do this (without modifying the
source).  The easiest way (if feasible) would be to add a predefined jCIFS
hostname to each user, then set that as the jcifs.netbios.hostname; i.e., you
would do:

Config.setProperty("jcifs.netbios.hostname", "JCIFS");

then set something like:

NET USER myuser /WORKSTATIONS:WKSTNA,WKSTNB,JCIFS /DOMAIN

for each user.  This would, of course, be painful if you have several thousand
users to manage (although there may be some sort of policy setting; I'm not
terribly familiar with Windows administration, so there may very well be a
better way of doing this).  You could modify the source, but it would be
tricky to get it right; just setting the property dynamically probably
wouldn't do it, since you could get concurrent requests.  You'd probably need
to manage it at a lower level.  I'm not sure exactly what would be involved,
but I *think* this is at the NetBIOS level; if you wanted to change it for
each request, you might have to create a new connection to the SMB server for
each.  This would be a significant reworking (as currently we multiplex a lot
of stuff over a *single* connection to the SMB server).  Mike or Chris would
be able to give more insight if you really wanted to go this route.


Eric




More information about the jcifs mailing list