[jcifs] How will NTLM HTTP Authentication work in more than one domain

Guofeng Zhang guofeng at radvision.com
Wed Nov 3 06:52:50 GMT 2004


Thanks for your reply. Thing become complicated, and please kindly help
me again.

If Domain A and Domain B cannot create the trust relationship, and my
application site in Domain A. For my application to authenticate a user
from Domain B, can I modify NtlmHttpFilter works in this way:
    (1) My application challenges the user.
    (2) After the Type 1 message received and decoded by Type1Message, I
can know the domain of the user from the message. My application can
look up the domain controller(that is the ADS server's host name) from
its database. NtlmHttpFilter and NtlmSsp are modified to use the domain
controller to complete their further work. 

Can this work safely?

-----Original Message-----
From: Michael B Allen [mailto:mba2000 at ioplex.com] 
Sent: Wednesday, November 03, 2004 1:20 AM
To: Guofeng Zhang
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] How will NTLM HTTP Authentication work in more than
one domain

On Tue, 2 Nov 2004 15:55:42 +0800
"Guofeng Zhang" <guofeng at radvision.com> wrote:

> Image there are two NT domains (for example A, B) managed by two
> 2000 servers separately. My web application runs on domain A. Can NTLM
> HTTP Authentication successfully authenticate a user from domain B?
> Or simply configure the two domains to trust each other?. How to
> configure jcifs.http.domainController?

>From the NTLM HTTP Authentication documentation [1]:

"Either a jcifs.smb.client.domain or jcifs.smb.client.domainController
property is required. This will be suitable to authenticate clients that
members of the specified domain as well as other domains with which it
trusts relationships."


[1] http://jcifs.samba.org/src/docs/ntlmhttpauth.html

Greedo shoots first? Not in my Star Wars.

More information about the jcifs mailing list