[jcifs] NtlmHttpFilter - authentication
Michael B Allen
mba2000 at ioplex.com
Thu Mar 4 02:09:50 GMT 2004
Eric said:
>>>>There is a looming problem however. This technique does not work in a
>>>>pure
>>>>AD environment.
>>>>
>>>
>>>Which part causes issues?
>>
>>
>> I thought we had some people with AD issues? Since we never quite
>> resolved
>> them I assumed there was an issue with those environments because we do
>> IPC$ on port 139. Glad to hear that may not be true.
>>
>
> There probably would be issues -- I just wasn't clear on which part
> specifically. I think you're correct; in a pure AD environment you
> would typically just do "raw" SMB over TCP on port 445 (which we
> currently don't support). I suppose you could maybe install NetBIOS on
> a single server and use that as the "domain controller" for the filter;
> not entirely sure if that would work or not, but it would make for an
> interesting experiment. If support for port 445 is implemented in jCIFS
> that should work as well.
Ehe. This will be in 0.9.
> In a pure active directory environment, extended security is typically
> used to negotiate Kerberos authentication via SPNEGO. There isn't any
> requirement for this, however; you can always negotiate NTLM over
> SPNEGO, or just use raw NTLM. I believe NTLM is always available, as
> it's needed for member-member and inter-forest authentication.
Good to hear. But NTLMv2? That's another thing that's "looming".
Mike
More information about the jcifs
mailing list