[jcifs] Re: Davenport - Copy Operation Uses Many Ports?

Eric eric.glass at comcast.net
Sun Jun 13 18:22:36 GMT 2004


Disregard my previous statement regarding the session cookie with NTLM; 
this only applies to jCIFS' NtlmHttpFilter.  The Davenport servlet 
doesn't use the HTTP session to cache credentials, since each request 
could potentially go to a separate SMB server on the backend (and would 
require a new handshake with a new NtlmPasswordAuthentication object). 
So the NTLM handshake would take place with every request, regardless of 
whether the client sends the session cookie over; this, combined with 
the closing of the connection on each handshake, would account for the 
large number of connections you're seeing.

Don't know why I never noticed this previously; I'll do a bit more 
experimentation, and release an update later this week.  I'll also sync 
the Davenport release up with jCIFS 0.9.2, as we should be able to 
support SMB servers that require signing now.  There are a couple of 
other things I want to get in there as well.

I'm not sure why you're seeing issues with Basic auth; that tends to 
work cleaner, typically.  I'll investigate this as well, and see if I 
can reproduce it.

To sum up what I'm planning for the NTLM "connection swamping" issue, 
I'll likely do two things:

1) maintain a mapping of server -> NtlmPasswordAuthentication in the 
user's HTTP session to cache credentials on a per-server basis.  This 
would cut down the number of NTLM handshakes to one per server, rather 
than one per request.

2) experiment with the "Connection: close" to see if it is in fact 
necessary to the handshake.  If not, I'll introduce a Davenport 
parameter to toggle connection closing (to allow backward compatibility 
in the event that some clients end up requiring it).  Assuming this 
works, the HTTP connection should generally be kept alive throughout the 
session (or at least, it wouldn't be closed during the NTLM handshakes).


Eric

> 
>>It is HTTP traffic between the client and the Davenport Server.  The
>>attached netstat shows the connections made by simply copying a Folder
>>containing 8 files from an SMB server to the client via Davenport
>>running on Windows.  Interestingly enough, if I run Davenport on
>>Solaris, the connections stay in an ESTABLISHED state.
>>
>>I took a look through a packet trace and the NTLM authentication
>>handshake is in fact happening for each operation.  How can I force
>>Basic Authentication in Davenport?  I set enableBasic=true and
>>insecureBasic=true, but still get authenticated via NTLM.
>>
> 
> 



More information about the jcifs mailing list