[jcifs] No response to NTLM challenge: **SOLVED**

Steven.Durkin at scotland.gsi.gov.uk Steven.Durkin at scotland.gsi.gov.uk
Fri Aug 13 14:37:33 GMT 2004 

*******************************************************************************************************************************************************
This email and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed.
*******************************************************************************************************************************************************

Eric,

Thanks for sending on the source. I have applied it, though as you
suggested the patch does not fix the issue for NTLM2!

I appreciate am may be straying into M$ land now, though I am still
thinking about the patches that you sent previously: could you explain
the significance of the settings of the NtlmMinClientSec registry values
to me? (Or point me at a source?) The reason I ask is that we currently
have NtlmMinClientSec and NtlmMinServerSec set to 0x00080000, and I
would like to understand the implications of changing these to another
supported value. I haven't found the M$ site to be very helpful on this
- amazingly enough! ;)

The reason I ask is that I need to argue for setting these registry
entries to something other than NTLM2 in order to apply your patches in
production, and then all will be tickety-boo! Unfortunately I don't know
enough about it yet to put together a convincing argument. I hope you
don't mind my approaching you again on this; unfortunately you are the
only authoritative source that I have!

S

> 
> Attached are patched versions of the TypeX messages to indicate
> support for 128- and 56-bit encryption; this would fix this issue for
> people who have registry settings indicating those as a requirement.
> It probably won't help your case though (as your box is requiring
> NTLM2).
> 
> Support for handling the NTLM2 session response on the server side
> (i.e. in the filter) would require extended security support in jCIFS.
>  This is on the horizon, but not in the immediate future I'm afraid :(
> 

The original of this email was scanned for viruses by the Government Secure Intranet (GSi) virus scanning service supplied exclusively by Energis in partnership with MessageLabs.

On leaving the GSi this email was certified virus-free

More information about the jcifs mailing list