[jcifs] Re: SPNEGO NTLM/Kerberos
Michael B Allen
mba2000 at ioplex.com
Wed Jun 2 02:56:10 GMT 2004
Excellent Eric. Thanks.
But I think it's safe to say this is not destined for inclusion anytime
soon. We have a few corner cases for external hashes such that I think we
need to start rethinking how we handle authentication and manage
credentials (in particular we have failed to nicely incorporate the N-step
authentication concept in an abstract way). This stuff touches on ideas
that transcend the whole library and I fear we would just be digging
ourselves in a hole if we tried to shoe-horn this in now.
So let's look forward;
0.9 is going to be *stable* (knock on wood). So aside from harmless
AbstractFile util add-ons I'm not going to do anything "new" for a while.
At some point I want to release a 1.0. This might be a good opportunity to
do that (then I guess we might need a -devel branch?). Not sure how I'm
going to work that out.
Then we'll have the room to do all the cutting edge stuff like RPC and
SPNEGO. We'll tear the whole thing down to the valve covers if necessary.
But don't let that stop people from playing with this now. I'll put it in
the download area and let folks prove it works as advertised. That makes
my job of just making everything play nice together MUCH easier as I will
not have to worry too much about protocol details.
The most important thing is that we keep the API small and simple. That
makes it easy to use, easy to document, and keeps the daemons at bay. Of
course that demands forethought or painful refactoring (mutually
exclusive) which takes a lot of time but pays off big in the long run.
> Attached is a patch to 0.9.0 to provide SPNEGO Kerberos/NTLM HTTP
> authentication (as well as a lightweight "backbone" for CIFS extended
> authentication). This is fairly bleeding edge (read: not tested very
More information about the jcifs