[jcifs] Cancel NTLM-Authentication Serverside

Ingo Rockel irockel at pironet-ndh.com
Fri Dec 17 09:54:53 GMT 2004

Hi Mike,

are you sure about the mentioned name? I googled for the name and only 
found three postings, one in a thread about NTLM but concerning man in 
the middle attacks with NTLM based auth. Haven't found anything googling 
for the issue so far...



Michael B Allen schrieb:
> On Fri, 17 Dec 2004 09:54:19 +0100
> Ingo Rockel <irockel at pironet-ndh.com> wrote:
>>Hi all!
>>maybe someone has an idea concerning this. We have an application 
>>running in an OracleAS application server, jcifs is configured as sso in 
>>a filter. There also is a form-based login configured using a security 
>>constraint in the application server. So if a client logs in, the 
>>jcifs-ntlm-sso is called requesting ntlm-credentials, checking againt a
>>Now the customer wants the login process to present the form based login 
>>to be shown if the sso against the dc fails because the client is 
>>unkown. First try was just to ignore the ntlm-login-fail and present the 
>>form based login. But problem is in this case IE thinks NTLM-auth was 
>>successfull and uses the NTLM header for all its requests. And the IE 
>>seems to have a special behavior concerning post-requests (like a form 
>>based login), it tries to reauthenticate the post request without 
>>sending the post data, unfortuneately the app server has the mentioned 
>>security constraint on this url and so again shows the form based login 
>>and the client is trapped.
>>Any idea how to tell the IE silently to stop trying to send NTLM-creds 
>>after first try failed.
> Someone once claimed to have had some success with sending back some kind
> of error that trick IE into thinking the session should be invalidated. I
> don't think it was 403 as that will cause the Network Password Dialog
> to pop up. Try googling for Eric Glass messages about this.
> Or maybe someone else on the list has done this?
> Mike

Ingo Rockel - Produktentwicklung
Maarweg 149-161, 50825 Koeln
Tel.: +49 (0)221-770-1788 / Fax: +49 (0)221-770-1005
mailto:irockel at pironet-ndh.com - http://www.pironet-ndh.com

More information about the jcifs mailing list