[jcifs] NtlmHttpFilter - authentication

eglass1 at comcast.net eglass1 at comcast.net
Wed Mar 3 15:46:56 GMT 2004


> Basically, what I need to do is: after the user is authenticated via NTLM,
> I need to query Active Directory (AD) for the privileges that the user
> has for our application. In the case of single sign-on, IE only passes a
> password hash (no cleartext password). I cannot figure out how to
> bind (LDAP or ADSI) to AD without a user's cleartext password.
> 

You wouldn't be able to do this with just the password hashes (actually, the
LM and NTLM responses, which is what you really have).

I *believe* AD supports NTLM as an LDAP authentication mechanism, but that
wouldn't really help you here.  If you can bind to LDAP as an administrator,
and then retrieve the roles for the authenticated user, that might be your
best bet.  But you wouldn't be able to employ the NTLM responses to
authenticate to the Active Directory server over LDAP as that user.


Eric
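
The approach suggested above (bind with a separate account, then look up the NTLM-authenticated user), sketched with JNDI as an added example that is not part of the original message or of jCIFS. The host, base DN, bind account, and environment variable name are hypothetical, and it assumes the filter's request wrapper returns the user as `DOMAIN\user` from `getRemoteUser()`. It binds as a read-only service account rather than an administrator.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class AdGroupLookup {
    // Hypothetical deployment values; replace with your own.
    static final String URL     = "ldaps://dc.example.com:636";
    static final String BASE_DN = "DC=example,DC=com";
    static final String BIND_AS = "svc-lookup@example.com";

    // remoteUser: the name of the already-authenticated user, e.g. "DOMAIN\\user".
    static List<String> groupsFor(String remoteUser) throws NamingException {
        // Strip the domain prefix; indexOf returns -1 when there is none.
        String sam = remoteUser.substring(remoteUser.indexOf('\\') + 1);

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);                  // LDAPS: simple bind sends the password
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_AS);
        env.put(Context.SECURITY_CREDENTIALS, Objects.requireNonNull(
                System.getenv("LDAP_BIND_PASSWORD"), "LDAP_BIND_PASSWORD not set"));

        DirContext ctx = new InitialDirContext(env);         // binds as the service account
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"memberOf"});
            sc.setCountLimit(2);                             // sAMAccountName should match one entry

            // The {0} form lets JNDI escape filter metacharacters in the user name,
            // so a name containing '*' or ')' cannot alter the query.
            NamingEnumeration<SearchResult> res = ctx.search(
                    BASE_DN, "(&(objectClass=user)(sAMAccountName={0}))",
                    new Object[] {sam}, sc);

            List<String> groups = new ArrayList<>();
            if (res.hasMore()) {
                // memberOf lists direct memberships only (no nested or primary group).
                Attribute memberOf = res.next().getAttributes().get("memberOf");
                if (memberOf != null) {
                    for (NamingEnumeration<?> e = memberOf.getAll(); e.hasMore(); ) {
                        groups.add((String) e.next());       // group distinguished names
                    }
                }
            }
            res.close();
            return groups;
        } finally {
            ctx.close();
        }
    }
}
```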

