[jcifs] How will NTLM HTTP Authentication work in more than one domain

Guofeng Zhang guofeng at radvision.com
Wed Nov 3 10:04:25 GMT 2004

The *workstation* is the workstation that the user is using, or the
workstation that my application is running on?


-----Original Message-----
From: Michael B Allen [mailto:mba2000 at ioplex.com] 
Sent: Wednesday, November 03, 2004 5:36 PM
To: Guofeng Zhang
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] How will NTLM HTTP Authentication work in more than
one domain

On Wed, 3 Nov 2004 14:52:50 +0800
"Guofeng Zhang" <guofeng at radvision.com> wrote:

> Mike,
> Thanks for your reply. Thing become complicated, and please kindly
> me again.
> If Domain A and Domain B cannot create the trust relationship, and my
> application site in Domain A. For my application to authenticate a
> from Domain B, can I modify NtlmHttpFilter works in this way:
>     (1) My application challenges the user.
>     (2) After the Type 1 message received and decoded by Type1Message,
> can know the domain of the user from the message.

Well, that is the domain of the *workstation* but presumably that domain
*will* have a trust relationship with the user's domain. But that's not
guaranteed. Unfortunately there is no concrete way to know the user's
domain before authentication is negotiated. Odd but true. I think it's
pretty much a defect in the protocol.


Greedo shoots first? Not in my Star Wars.

More information about the jcifs mailing list