[jcifs] jcifs-0.9.0b released
Michael B Allen
mba2000 at ioplex.com
Sun May 16 05:36:17 GMT 2004
Eric said:
> Michael B Allen wrote:
>> See the homepage for details. Lot's of little bits of info there.
>>
>> Mike
>>
>
> From the release notes:
>
> The NtlmHttpFilter has been modified to support "preauthentication" such
> that if the jcifs.smb.client.{domain,username,password} properties are
> supplied as init parameters, all transports will be initialized with
> these credentials. This is the ideal setup for domain controllers that
> require SMB signatures (although it has been observed that NT 4.0 at
> least does not check the signatures of authentication requests).
>
>
> I haven't had a chance to look at the implementation yet, but I had an
> idea on this (and it may be how it's currently done). Would it be
> feasible to have jCIFS do the preauth *anytime* you have an NPA object
> with "external" hashes and signing required by the server? Something
> like:
>
> if (hashesExternal && signingRequired) {
> // connect using preauth to initialize signing on the connection
> }
> // now auth normally over the signed connection
Yeah, I'll look into it. Currently this is handled entirely within the
filter:
in init:
if( Config.getProperty( "jcifs.smb.client.password" ) != null ) {
preauth = new NtlmPasswordAuthentication( null, null, null );
}
in doFilter:
if( preauth != null ) {
SmbSession.logon( dc, preauth );
}
SmbSession.logon( dc, ntlm );
but my first thought is it's not unreasonable to push this further down.
It's a pretty easy change wherever it is.
Mike
More information about the jcifs
mailing list