[jcifs] NTLM authentication to local computer when not on network?

Chris_Conner at Dell.com Chris_Conner at Dell.com
Fri Jan 16 19:59:57 GMT 2004


Is it possible to perform NTLM authentication if the computer is not hooked
up to the network (no domain controller)? I want to authenticate against the
local machine that the user is logged into.

I'm getting the following exception: jcifs.smb.SmbException: Connection
refused: connect
I'm setting the domain controller to the loopback address (127.0.0.1) when
getting the exception above. (Since the computer isn't on the network, it
doesn't have an IP address.)

-Chris


-----Original Message-----
From: Michael B Allen [mailto:mba2000 at ioplex.com] 
Sent: Thursday, January 15, 2004 10:05 PM
To: Conner, Chris
Cc: jcifs at lists.samba.org
Subject: RE: [jcifs] Turn off NTLM authentication in IE after it has been set?



> Thanks for your response.
> I would like to be able to turn NTLM off on IE (no IE login prompt) so
> I can log in via my product logon screen. Do you know if there is a 
> way to reset IE's WWW-Authenticate to not use NTLM any longer after it 
> has been set?

The way this works is when IE sends a request, the filter sends
WWW-Authenticate: NTLM, which initiates a little back-and-forth to get the
password hashes, authenticates the user against the domain controller, and
if successful stores that in the form of an NtlmPasswordAuthentication
object in the HttpSession as an attribute keyed by the String
"NtlmHttpAuth". If subsequent requests see that NtlmHttpAuth attribute no
additional negotiation occurs[1]. It's HTTP business as usual. Now, if you
decide to all of a sudden do some kind of additional authentication that's
fine. You could send WWW-Authenticate: Basic and do Basic authentication
(hopefully with SSL). So I don't think you want to "reset" it other than to
maybe remove the "NtlmHttpAuth" attribute. You don't need to actually
"logout" first. You could just do your authentication as usual. Now if the
user isn't a member of any domain and the authentication is failing then you
might need to somehow bypass the filter or disable it. For example you could
have an alternate URL that does your regular form based authentication and
then create a default NtlmPasswordAuthentication object and put it in the
HttpSession so the filter lets you through. Or as someone else explained
you could modify the filter to recognise some parameter in the URL to
trigger the alternate authentication method. Just be careful you don't
accidentally drop the pants on your site. Perhaps we can work in a standard
way to use alternate form based authentication. I'll look into it. I know
that doesn't help you right now but that's all I can do.

Mike

-- 
A program should be written to  model the concepts of the task it performs
rather than the physical world or a process because this maximizes the
potential for it  to be applied  to tasks that are conceptually similar and,
more  important, to tasks that have not yet been conceived.
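
The alternate form-login URL described in the reply above, as an added example that is not part of the original message and not jcifs's own code: the "NtlmHttpAuth" session attribute is set only after the form credentials have been verified, so the filter is not bypassed for unauthenticated sessions. Assumptions: the `UserStore` interface, the `userStore` context attribute and the `FORMAUTH` label are hypothetical, and the servlet is mapped to a URL outside the NTLM filter's url-pattern.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.servlet.http.*;
import jcifs.smb.NtlmPasswordAuthentication;

// Added example: form login that satisfies the NTLM filter's session check.
public class FormLoginServlet extends HttpServlet {
    static final String NTLM_ATTR = "NtlmHttpAuth"; // session key named in the post
    static final String FORM_DOMAIN = "FORMAUTH";   // assumed label, not a real domain

    /** Hypothetical application user store: returns {salt, PBKDF2 hash} or null. */
    public interface UserStore { byte[][] saltAndHash(String user); }

    static byte[] pbkdf2(char[] pw, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    boolean verify(String user, String pw) throws GeneralSecurityException {
        if (user == null || pw == null || user.isEmpty() || user.indexOf('\\') >= 0) return false;
        UserStore store = (UserStore) getServletContext().getAttribute("userStore"); // assumed
        byte[][] rec = (store == null) ? null : store.saltAndHash(user);
        return rec != null && MessageDigest.isEqual(rec[1], pbkdf2(pw.toCharArray(), rec[0]));
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String user = req.getParameter("username");
        boolean ok;
        try { ok = req.isSecure() && verify(user, req.getParameter("password")); } // TLS only
        catch (GeneralSecurityException e) { ok = false; }                         // fail closed
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();           // drop any pre-login session (fixation)
        if (!ok) { resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }
        // Marker only: empty password, so no credential material is kept in the session.
        NtlmPasswordAuthentication marker = new NtlmPasswordAuthentication(FORM_DOMAIN, user, "");
        req.getSession(true).setAttribute(NTLM_ATTR, marker);
        resp.sendRedirect(req.getContextPath() + "/");
    }
}
```

Because the marker carries the `FORMAUTH` label in place of a domain, downstream code can tell form-authenticated sessions apart from ones the domain controller vouched for.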


