[jcifs] How will NTLM HTTP Authentication work in more than one domain

Michael B Allen mba2000 at ioplex.com
Wed Nov 3 09:36:09 GMT 2004

On Wed, 3 Nov 2004 14:52:50 +0800
"Guofeng Zhang" <guofeng at radvision.com> wrote:

> Mike,
> Thanks for your reply. Thing become complicated, and please kindly help
> me again.
> If Domain A and Domain B cannot create the trust relationship, and my
> application site in Domain A. For my application to authenticate a user
> from Domain B, can I modify NtlmHttpFilter works in this way:
>     (1) My application challenges the user.
>     (2) After the Type 1 message received and decoded by Type1Message, I
> can know the domain of the user from the message.

Well, that is the domain of the *workstation* but presumably that domain
*will* have a trust relationship with the user's domain. But that's not
guaranteed. Unfortunately there is no concrete way to know the user's
domain before authentication is negotiated. Odd but true. I think it's
pretty much a defect in the protocol.


Greedo shoots first? Not in my Star Wars.

More information about the jcifs mailing list