[jcifs] jcifs-0.9.0b released
Eric
eglass1 at comcast.net
Sat May 15 10:20:05 GMT 2004
Michael B Allen wrote:
> See the homepage for details. Lot's of little bits of info there.
>
> Mike
>
From the release notes:
The NtlmHttpFilter has been modified to support "preauthentication" such
that if the jcifs.smb.client.{domain,username,password} properties are
supplied as init parameters, all transports will be initialized with
these credentials. This is the ideal setup for domain controllers that
require SMB signatures (although it has been observed that NT 4.0 at
least does not check the signatures of authentication requests).
I haven't had a chance to look at the implementation yet, but I had an
idea on this (and it may be how it's currently done). Would it be
feasible to have jCIFS do the preauth *anytime* you have an NPA object
with "external" hashes and signing required by the server? Something like:
if (hashesExternal && signingRequired) {
// connect using preauth to initialize signing on the connection
}
// now auth normally over the signed connection
This would solve the issue with SMB signing for Davenport; when the
connection is made to the underlying SMB resource, if the NPA object is
externally hashed and the server requires signing, we would just set up
signing using the preauth credentials then reauthenticate using the real
credentials. Signing on the connection would be done with the known MAC
key from the preauth account. Currently, signing only works with
Davenport if HTTP basic auth is used (since we know the password and can
calculate the MAC key for the account).
Eric
More information about the jcifs
mailing list