[jcifs] NtlmHttpFilter - authentication

Michael B Allen mba2000 at ioplex.com
Thu Mar 4 23:53:20 GMT 2004


eglass1 at comcast.net said:
>
>>
>> Good to hear. But NTLMv2? That's another thing that's "looming".
>>
<snip>
> The problem for someone like us (that doesn't do extended security) is
> that
> we don't have a Type 2 message from the server; we just have the challenge
> that we got in the NegProtResponse.  We need to "fake up" an appropriate
> target information block to construct the NTLMv2 response for the Type 3
> message

Would it be cleaner to just implement the extended security negotiation?
We don't have to do Kerberos. Right?

> As a side note, It'd be interesting to see
> how
> clients without extended security construct the NTLMv2 response in the
> real
> world; toggling the LmCompatibilityLevel setting to 3 and accessing a
> share
> should do it, I just don't have any boxes without extended security
> capability (NT4 maybe?).

I have NT4. But none of the servers are configured to perform extended
security. I have a Win2000 machine next to me but I tried to change the
registry setting on it for signing once to no effect. I may not have the
proper rights on it. I have both NT4 and Win2000 at home though. Maybe I
can get it to work there (for a rainy day though).

Mike



More information about the jcifs mailing list