[jcifs] Win 2003 support?

Eric eglass1 at comcast.net
Mon Sep 1 23:07:18 EST 2003

>>I was doing some work on enabling signing with jCIFS; I'll dig it up and 
>>see what I can get going.
> 	That would be nice :)

Hmmm... even if we get signing working, we will still see some issues.

Enabling signing will allow us to communicate with servers which require
SMB signing; however, passthrough authentication *won't* work.  The
reason is that the user session key (used to sign the SMBs) is based on
the password *hash*; in passthrough authentication, all we have is the
password *response*.

We can probably still get away with doing simple authentication using
external hashes; signing doesn't actually start until the first
SessionSetupAndX response (at which point the authentication has been
validated).  But subsequent file operations will fail, since we will be
unable to calculate the session key properly.

In short, this means that Davenport, NetworkExplorer, etc. still won't
work with signing enabled.  "Normal" SmbFiles (created with a password),
however, *would* work, as would Davenport with HTTP Basic authentication
(as the password is available).

The complete solution would be to implement RPC NetLogon, but we're a
ways from that; even once simple RPC functionality is in, that's one of
the more difficult ones to implement (as it is my understanding that it
requires SecureChannel encryption to the domain controller).


More information about the jcifs mailing list