[jcifs] Turn off NTLM authentication in IE after it has been set?
Chris_Conner at Dell.com
Chris_Conner at Dell.com
Thu Jan 15 23:07:55 GMT 2004
Thanks for your response.
I would like to be able to turn NTLM off on IE(no IE login prompt) so I can
log in via my product logon screen. Do you know if there is a way to reset
IE's WWW-Authenticate to not use NTLM any longer after it has been set?
From: jcifs-bounces+chris_conner=dell.com at lists.samba.org
[mailto:jcifs-bounces+chris_conner=dell.com at lists.samba.org] On Behalf Of
Michael B Allen
Sent: Thursday, January 15, 2004 2:49 PM
To: Conner, Chris
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] Turn off NTLM authentication in IE after it has been
> Need way to turn off NTLM in IE after it has been set?
> After the Authorization header "WWW-Authenticate= NTLM" is sent to
> the client and the user is logged on via NTLM handshake, the user
> then wants to log out and log in manually using a different
> account.(non NTLM internal authentication via a servlet would be
> The problem is that I need a way to tell IE to not use NTLM
> authentication anymore. i.e. pass back something like "Authorization
> header = none" to turn off NTLM from the client side? Does anyone
> know if this can be done?
NTLM HTTP auth is triggered entirely on the server side. Negotiation is
triggered by replying to a GET or POST request with an unauthorized error
WWW-Authenticate: NTLM header. Now the part you are probably interested in
is the fact that if the negotiated credentials are rejected, IE will pop up
the Enter Network Password Dialog. So, if you want users to be able to
subvert the SSO mechanism so they can explicitly enter new credentials just
sent the unauthorized error and WWW-Authenticate: NTLM header the right
number of times to trigger that dialog to come up. The trick is you need to
do this without losing track of what your doing. I'm not certain how such a
thing would work. You could set the "NtlmHttpAuth" key in the HttpSession to
'null' as an indicator to the NtlmHttpFilter that this above described
re-negotiation should take place. Of course that would require changing the
Filter. I'm working on the Filter right now so maybe I'll explore this idea
a little later.
A program should be written to model the concepts of the task it performs
rather than the physical world or a process because this maximizes the
potential for it to be applied to tasks that are conceptually similar and,
more important, to tasks that have not yet been conceived.
More information about the jcifs