[jcifs] How will NTLM HTTP Authentication work in more than one
domain
Guofeng Zhang
guofeng at radvision.com
Wed Nov 3 10:04:25 GMT 2004
The *workstation* is the workstation that the user is using, or the
workstation that my application is running on?
Thanks
-----Original Message-----
From: Michael B Allen [mailto:mba2000 at ioplex.com]
Sent: Wednesday, November 03, 2004 5:36 PM
To: Guofeng Zhang
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] How will NTLM HTTP Authentication work in more than
one domain
On Wed, 3 Nov 2004 14:52:50 +0800
"Guofeng Zhang" <guofeng at radvision.com> wrote:
> Mike,
>
> Thanks for your reply. Thing become complicated, and please kindly
help
> me again.
>
> If Domain A and Domain B cannot create the trust relationship, and my
> application site in Domain A. For my application to authenticate a
user
> from Domain B, can I modify NtlmHttpFilter works in this way:
> (1) My application challenges the user.
> (2) After the Type 1 message received and decoded by Type1Message,
I
> can know the domain of the user from the message.
Well, that is the domain of the *workstation* but presumably that domain
*will* have a trust relationship with the user's domain. But that's not
guaranteed. Unfortunately there is no concrete way to know the user's
domain before authentication is negotiated. Odd but true. I think it's
pretty much a defect in the protocol.
Mike
--
Greedo shoots first? Not in my Star Wars.
More information about the jcifs
mailing list