[jcifs] Resolution and Authentication

[Gary]

I hope this is appropriate for this list.

We've been using the JCIFS resolution and NTLM authentication functionality
within an application to verify that a user is who they say they are and that
they (still) work for our company.  We use public key encryption to
get login credentials from our client application to our server, and from the
server we use JCIFS/NTLM to verify the credentials.  Users login with
<domain>\<userID>  and password. If the user successfully authenticates,
then the application queries it's own database to see if the user has rights to
use the application.

There are around 30 or 40 of theses Systems deployed, in a large enterprise
across multiple business units and multiple subnets.  Each system may have
anywhere from 2 to 200 users from various domains connecting to the server.
The Server is implemented as a Servlet with desktop clients  connecting via RMI.

The Application's properties file has an entry for a local domain controller
which is used to hobble  together a <1B> lookup for a controller for the
user's domain in the event that JCIFS can't find one via  it's normal lookup
process.  We have had challenges resolving across subnets, but the application
 is important enough that the folks in operations will make adjustments to the
 network until things seem to work.  The network is a mixture of NT4 and Win2K

NT4 is soon to go away and the entire organization will be "Active Directoy
enabled" by the beginning of 2005.  My challenge is to make Operations happy.
They, of course, want user authentication within our application to be
completely transparent, with no machine names or IP address in the properties
file and no adjustments to the network.  I'm being told to look at options.

I'd appreciate any feedback.  Is it possible to use JCIFS host resolution and
NTLM authentication as described without providing physical address on a large
multi domain network? Would LDAP be a better choice in the new environment?