[jcifs] Re: Davenport - Copy Operation Uses Many Ports?
eric.glass at comcast.net
Sun Jun 13 18:22:36 GMT 2004
Disregard my previous statement regarding the session cookie with NTLM;
this only applies to jCIFS' NtlmHttpFilter. The Davenport servlet
doesn't use the HTTP session to cache credentials, since each request
could potentially go to a separate SMB server on the backend (and would
require a new handshake with a new NtlmPasswordAuthentication object).
So the NTLM handshake would take place with every request, regardless of
whether the client sends the session cookie over; this, combined with
the closing of the connection on each handshake, would account for the
large number of connections you're seeing.
Don't know why I never noticed this previously; I'll do a bit more
experimentation, and release an update later this week. I'll also sync
the Davenport release up with jCIFS 0.9.2, as we should be able to
support SMB servers that require signing now. There are a couple of
other things I want to get in there as well.
I'm not sure why you're seeing issues with Basic auth; that tends to
work cleaner, typically. I'll investigate this as well, and see if I
can reproduce it.
To sum up what I'm planning for the NTLM "connection swamping" issue,
I'll likely do two things:
1) maintain a mapping of server -> NtlmPasswordAuthentication in the
user's HTTP session to cache credentials on a per-server basis. This
would cut down the number of NTLM handshakes to one per server, rather
than one per request.
2) experiment with the "Connection: close" to see if it is in fact
necessary to the handshake. If not, I'll introduce a Davenport
parameter to toggle connection closing (to allow backward compatibility
in the event that some clients end up requiring it). Assuming this
works, the HTTP connection should generally be kept alive throughout the
session (or at least, it wouldn't be closed during the NTLM handshakes).
>>It is HTTP traffic between the client and the Davenport Server. The
>>attached netstat shows the connections made by simply copying a Folder
>>containing 8 files from an SMB server to the client via Davenport
>>running on Windows. Interestingly enough, if I run Davenport on
>>Solaris, the connections stay in an ESTABLISHED state.
>>I took a look through a packet trace and the NTLM authentication
>>handshake is in fact happening for each operation. How can I force
>>Basic Authentication in Davenport? I set enableBasic=true and
>>insecureBasic=true, but still get authenticated via NTLM.
More information about the jcifs