[jcifs] How will NTLM HTTP Authentication work in more than one
domain
Michael B Allen
mba2000 at ioplex.com
Wed Nov 3 09:36:09 GMT 2004
On Wed, 3 Nov 2004 14:52:50 +0800
"Guofeng Zhang" <guofeng at radvision.com> wrote:
> Mike,
>
> Thanks for your reply. Thing become complicated, and please kindly help
> me again.
>
> If Domain A and Domain B cannot create the trust relationship, and my
> application site in Domain A. For my application to authenticate a user
> from Domain B, can I modify NtlmHttpFilter works in this way:
> (1) My application challenges the user.
> (2) After the Type 1 message received and decoded by Type1Message, I
> can know the domain of the user from the message.
Well, that is the domain of the *workstation* but presumably that domain
*will* have a trust relationship with the user's domain. But that's not
guaranteed. Unfortunately there is no concrete way to know the user's
domain before authentication is negotiated. Odd but true. I think it's
pretty much a defect in the protocol.
Mike
--
Greedo shoots first? Not in my Star Wars.
More information about the jcifs
mailing list