Jeffrey Winter jeffreywinter at gmail.com
Wed Jun 23 16:46:36 GMT 2004


I have been testing the SPNEGO support code that you posted a couple
of weeks ago and was hoping you might have some insight into an 
issue that I'm running into with NTML.

When I set "jcifs.http.enableNegotiate" to "false" so that the
AuthenticationFilter always sets the "WWW-Authenticate" header
to "NTML" I am able to authenticate against the domain controller 
without a problem.

When I set When I set "jcifs.http.enableNegotiate" to true,  it 
looks like IE6.0 is returning a SPNEGO token wrapping a NTML 
token as everything flows through the Authenticate.processNtml()
method.  The entire negotiation process goes without a hitch 
until it tries to authenticate based on the final Type 3 NTML token.

The call to:

 SmbSession.logon(dc, (NtlmPasswordAuthentication) principal);

in AuthenticationFilter, fails with an NT_STATUS_ACCESS_VIOLATION

The generation of the token types seems to be the same in either 
case, yet the Negotiate version if failing.   Do you have any 
insight on this, or hints at what I might be able to do to 
isolate the problem?



More information about the jcifs mailing list