[jcifs] Re: Request: Jcifs + Win 2003 / Active Directory
Michael B Allen
mba2000 at ioplex.com
Thu Jan 22 00:45:51 GMT 2004
Andrew Stevens said:
> I hope you don't mind that I've emailed you directly. Here's my problem...
I work for a large financial as well so I know you have certain privacy
considerations but this *is* an Open Source project so we need to try to
keep this high level stuff on the mailing list.
> We have a nice implementation of jcifs NTLM HTTP (filter) authorisation
> working --> Tomcat on Linux / NT4 Servers for domains etc.
> To get the implementation approved, our Security Manager wants me to
> definitively state whether this will work with Win2000 and Win2003.
> Specifically to state whether this will work with Active Directory.
> He has a test environment running Win2003 & AD. I supplied a bundled
> & JCIFS to try in that environment.
> Apparently it didn't work, but he couldn't provide much details as to why
> (maybe he doesn't want it to work. I'm not sure.)
> So, can you provide me with a summary of the state of Jcifs with Active
I don't think AD is involved at all. All JCIFS is doing is using NTLM
password hashes supplied by IE to authenticate users against IPC$ on the
domain controller (or an intermediate machine that will communicate with
the domain controller such as the web server). But frankly I do not know a
lot about AD.
> Does this imply NTLMv2? I've read JCIFS may or may not work with NTLMv2.
> know much about the conditions which allow this to work or not?
JCIFS does NOT support NTLMv2. It does however support LMv2 which from a
security standpoint is claimed to be as good as NTLMv2. How that would
work in the recommended MS environment with AD I just don't know yet.
> Are there specific settings which I can change to make this work? Or is it
> case of me needing to develop a custom NTLM HTTP filter based on the JCIFS
The only practical way to determine what would be necessary for it to work
in the said environment is to try it.